Closed LegalCheng closed 2 years ago
攻擊者學號:B10809023 @LegalCheng
被攻擊者學號與網址:B10815041 @Shing227 https://demo.shing227.works/
漏洞類型:XSS (color tag)
漏洞描述: 留言欄位注入[color=red]a<!--[/color]後再也沒人可以留言了
Poc: [color=red]a</span><!--[/color]
[color=red]a</span><!--[/color]
dup with #75 而且你沒有跑 js
splitline
commented
2 years ago splitline
commented
2 years ago
攻擊者學號:B10809023 @LegalCheng
被攻擊者學號與網址:B10815041 @Shing227 https://demo.shing227.works/
漏洞類型:XSS (color tag)
漏洞描述: 留言欄位注入[color=red]a<!--[/color]後再也沒人可以留言了
Poc:
[color=red]a</span><!--[/color]