weixin_39786706 2020-11-30 11:03 采纳率: 0%
浏览 0

XSS vulnerability on linkifyURLs = 2

From evn.com on October 06, 2011 09:18:46

using: http://shellinabox.googlecode.com/svn/trunk/demo/demo.html but with linkifyURLs = 2 (instead of 1), print:

print "javascript:'.3.3.7/http://',alert(1);

it will create a link that when clicked will execute an alert.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=144

该提问来源于开源项目:shellinabox/shellinabox

  • 写回答

7条回答 默认 最新

  • weixin_39786706 2020-11-30 11:03
    关注

    From evn.com on October 06, 2011 00:24:51

    I meant:

    print "javascript:'.3.3.7/http://',alert(1);

    评论

报告相同问题?