Open jas502n opened 8 years ago
Thanks for the reminder. This query page was originally intended for local use only; I never planned to expose it externally, so no security considerations or input filtering were applied at all. If it is to be opened to the public, user input filtering and some other security measures would indeed need to be considered.
On 1 Aug 2016, at 1:43 PM, jas502n notifications@github.com wrote:
Image bug1: http://www.90xss.cn/wp-content/uploads/2016/08/2016080105425213.jpg
Image bug2: http://www.90xss.cn/wp-content/uploads/2016/08/2016080105425213.jpg
(View it on GitHub: https://github.com/hanc00l/wooyun_public/issues/4)
Image bug0: http://www.90xss.cn/wp-content/uploads/2016/08/2016080105475716.jpg
Image bug1: http://www.90xss.cn/wp-content/uploads/2016/08/2016080105425213.jpg
Image bug2: http://www.90xss.cn/wp-content/uploads/2016/08/2016080105433112.jpg