第一个: Vanilla About Me Plugin Persistant XSS Vulnerability Go to http://HdhCmsTest2cto测试数据 /index.php?p=/profile/editme/4/testmember Post your XSS In any of the text fields, for this we used the Real Name Field and the following XSS XSS: <script>alert('x')</script> Then if a user visits your about me page (http://HdhCmsTest2cto测试数据 /index.php?p=/profile/aboutme/4/testmember) the script will execute 第二个:: Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS Vulnerability On Edit your account enter your XSS String in either the first name or last name field. Then if a user visits your page the XSS will execute. http://HdhCmsTest2cto测试数据 /index.php?p=/profile/myprofile/1/user XSS: <script>alert('x')</script> 第三个:Vanilla LatestComment 1.1 Plugin Persistant XSS Vulnerability Create a new thread with your XSS as the thread title, the XSS will appear on the index page of the forum. XSS: <script>alert('x')</script>
查看更多关于Vanilla Forums几个插件的持久型XSS - 网站安全 - 自的详细内容...