Apply for a friend link and insert <img src=x onerror=alert(1)> in the friend link field.
After logging in to the admin backend, open "All links" under "Links"; the XSS is triggered.
Here, the administrator can be attacked directly, and it is even possible to damage the website, insert malicious content, redirect users, hijack users' browsers with malware, spread XSS worms, and so on.
Suggested fix:
Write an XSS filter class in the code that HTML-entity-encodes all user input and output content.
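The output encoding suggested above, applied to the friend-link list, as an added example that is not the project's own code. Python is used because the page does not name the application's language; the function names, the table markup, the http/https allow-list and the sample submissions are assumptions.

```python
import html
from urllib.parse import urlsplit

# Assumption: a friend link only ever needs to point at an http(s) site.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample submissions: (site name, site URL) as typed by an applicant.
PAYLOAD = "<img src=x onerror=alert(1)>"  # the value quoted in the report
SAMPLE_SUBMISSIONS = [
    ("Example Blog", "https://example.com/blog"),
    ('Bob\'s "tech" notes', "http://example.org/"),
    (PAYLOAD, PAYLOAD),
]

def safe_link_url(raw):
    """Return the URL if it is an absolute http(s) URL, otherwise None."""
    candidate = raw.strip()
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return candidate

def render_link_row(name, url):
    """Render one row of the admin link list with every stored field encoded."""
    safe_name = html.escape(name, quote=True)
    checked = safe_link_url(url)
    if checked is None:
        # Rejected value is shown as inert text so the admin can review it.
        cell = '<span class="rejected">' + html.escape(url, quote=True) + "</span>"
    else:
        href = html.escape(checked, quote=True)  # safe in attribute and text
        cell = '<a href="' + href + '" rel="noopener noreferrer">' + href + "</a>"
    return "<tr><td>" + safe_name + "</td><td>" + cell + "</td></tr>"

def render_link_table(submissions):
    """Render the whole 'all links' table body from stored submissions."""
    return "\n".join(render_link_row(n, u) for n, u in submissions)

if __name__ == "__main__":
    print(render_link_table(SAMPLE_SUBMISSIONS))
```

Encoding at output time in the admin view matters here because the stored value is rendered in the administrator's session; validating only at submission leaves already-stored links unencoded.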