Title: Winn Guestbook v2.4.8c Stored XSS
Author: G13
Download: http://code.google.com/p/winn-guestbook/, http://www.winn.ws
Affected version: 2.4.8c

Vulnerability analysis

There is no sanitization of the input in the name variable. This allows malicious scripts to be added. This is a stored XSS.

Solution

Upgrade to the new version, 2.4.8d.

name=[XSS]

Test example

The script can be added directly in the page; there is no filtering of input. This can easily be exploited if the email address used is added to the "approved posters" list.
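The defect described above comes down to a stored name being written into the page without HTML encoding. The following PHP is an added example, not Winn Guestbook's code or the 2.4.8d change; the entry layout and all function names are assumptions. It shows the unencoded rendering beside an encoded one.

```php
<?php
// Added example: hypothetical guestbook rendering, not Winn Guestbook source.

// Constructed sample entries, as they might sit in storage after submission.
$entries = [
    ['name' => 'Alice', 'message' => 'Nice site!'],
    ['name' => '<script>alert(1)</script>', 'message' => 'constructed test entry'],
];

// Vulnerable pattern: the stored name is concatenated into HTML unchanged.
function render_entry_unsafe(array $e): string
{
    return '<div class="entry"><b>' . $e['name'] . '</b>: ' . $e['message'] . '</div>';
}

// Encode for an HTML text/attribute context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input-side check: bounds length (in bytes) and rejects control characters.
// It does not strip markup, so it is not a substitute for output encoding.
function normalize_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || strlen($name) > 64) {
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return null;
    }
    return $name;
}

// Hardened pattern: every stored field is encoded when it is written out.
function render_entry_safe(array $e): string
{
    return '<div class="entry"><b>' . h($e['name']) . '</b>: ' . h($e['message']) . '</div>';
}

foreach ($entries as $e) {
    $ok = normalize_name($e['name']) !== null ? 'accepted' : 'rejected';
    echo "input check: $ok\n";
    echo "unsafe: ", render_entry_unsafe($e), "\n";
    echo "safe:   ", render_entry_safe($e), "\n";
}
```

Both sample names pass the input check, which is why the encoding step at output is the control that matters: the second entry is rendered as inert text only by `render_entry_safe`.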