In the function `redirect`, if we can control part of the parameter `$redirect_url` and the function `headers_sent` returns true, the parameter `$url` is spliced into a JavaScript script.
We can use a double quote to escape the string and execute any JavaScript.
If we can control the parameter `$url`, this leads to reflected XSS.
For example, at line 206 in `/admin/changedata.php`, the parameter `$redirect_url` is taken from `$_POST['redirectto']` without any check.
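
A hardened form of this kind of redirect helper, as an added example that is not the project's own code: it validates the target and encodes it for the JavaScript context used when `headers_sent` returns true. The names `safe_redirect_target` and `redirect_hardened`, the relative-path-only policy and the default target `/` are assumptions.

```php
<?php
// Added example: hypothetical hardened counterpart of a redirect() helper.
// Function names, the allowlist policy and the default target are assumptions.

/** Accept only same-site relative paths; anything else falls back to $default. */
function safe_redirect_target(string $candidate, string $default = '/'): string
{
    // Reject control characters (header splitting) and backslashes (browser path quirks).
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $candidate)) {
        return $default;
    }
    // Must start with exactly one "/": rules out "//host", absolute URLs and scheme URLs.
    if (!preg_match('#^/(?!/)#', $candidate)) {
        return $default;
    }
    return $candidate;
}

/** Encode a value as a JS string literal that cannot close the string or the <script> tag. */
function js_string(string $value): string
{
    // The HEX flags turn ", ', <, > and & into \uXXXX escapes.
    $js = json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return $js === false ? '"/"' : $js; // false means invalid UTF-8 input
}

function redirect_hardened(string $redirect_url): void
{
    $url = safe_redirect_target($redirect_url);
    if (!headers_sent()) {
        header('Location: ' . $url, true, 302);
        exit;
    }
    // Output has already started: emit the URL inside a script, encoded for that context.
    echo '<script>window.location.href = ' . js_string($url) . ';</script>';
    // Plain-HTML fallback, encoded for the attribute context.
    echo '<noscript><a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Continue</a></noscript>';
    exit;
}

// Constructed sample values standing in for $_POST['redirectto'].
$samples = ['/admin/list.php?page=2', '//example.invalid/', '/admin/x.php?q="quoted"'];
foreach ($samples as $s) {
    $target = safe_redirect_target($s);
    echo str_pad($s, 28), ' -> ', js_string($target), PHP_EOL;
}
```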