Giter Site home page Giter Site logo

funson86 / funboot Goto Github PK

View Code? Open in Web Editor NEW
297.0 5.0 27.0 34.65 MB

基于Yii2的Saas快速开发平台,内置多商户并内置商城、论坛、CMS等子系统。Yii2/Mysql/Mongodb/Redis/Elasticsearch/SnowFlake雪花算法ID生成 RBAC动态权限 数据权限 定时任务 日志/消息 代码生成Gii升级

Home Page: https://www.funboot.net/

License: BSD 3-Clause "New" or "Revised" License

PHP 92.11% HTML 1.37% CSS 5.88% Less 0.19% SCSS 0.42% Batchfile 0.01% Shell 0.03% Hack 0.01% CoffeeScript 0.01%
yii2 funboot gii saas yii2saas yii2shop

funboot's People

Contributors

funson86 avatar huashenghunan avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

garyvalue ruixiaodantiandao chinaphp hongsyang funsonli luycheng nobodycmd bhexwvx reason211 jinchunguang desczero vcbal2580 wandhi-team caohui123 sohostysummer vartruexuan laodao77 mooonservice msechen lizhiyan89 mlkcloud royswale michael-f-chen phantoms007 cofess aheng0124 suofiya

funboot's Issues

Stored XSS In Funboot V1.1

Vulnerability Product:funboot
Vulnerability version: v1.1
Vulnerability type: Stored XSS
Vulnerability Details:

<script>alert(document.cookie)</script>

the Stored XSS payload could let admin causes disclosure of cookies、root path of websites、variables of PHP and stuff

  1. First, log in: https://www.funboot.net/backend/site/login
    Default account: test
    Default password: 123456
    image

  2. After logging in, create a message here in the message list
    image

  3. When creating a message, users, titles, and content can be selected

It is found that the title can construct malicious code storage type XSS to obtain user information and access it through the network
image

  1. Clicking on 'sent' will reveal the pop-up cookie information
    image

Prove the existence of stored xss

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.