网站地图    收藏   

主页 > 后端 > 网站安全 >

Vanilla Forums几个插件的持久型XSS - 网站安全 - 自

来源:自学PHP网    时间:2015-04-17 13:02 作者: 阅读:

[导读] 第一个: Vanilla About Me Plugin Persistant XSS VulnerabilityGo to http://www.2cto.com /index.php?p=/profile/editme/4/testmemberPost your XSS In any of the text fields, for this......

第一个: Vanilla About Me Plugin Persistant XSS Vulnerability

 
Go to http://www.2cto.com /index.php?p=/profile/editme/4/testmember
 
Post your XSS In any of the text fields, for this we used the Real Name Field and the following XSS
 
XSS:
<script>alert('x')</script>
 
Then if a user visits your about me page (http://www.2cto.com /index.php?p=/profile/aboutme/4/testmember) the script will execute

第二个:: Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS Vulnerability
 
On Edit your account enter your XSS String in either the first name or last name field.
Then if a user visits your page the XSS will execute.
 
http://www.2cto.com /index.php?p=/profile/myprofile/1/user
 
XSS:
<script>alert('x')</script>


第三个:Vanilla LatestComment 1.1 Plugin Persistant XSS Vulnerability

Create a new thread with your XSS as the thread title, the XSS will appear on the index page of the forum.
 
XSS:
<script>alert('x')</script>

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论