Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cross-site Scripting (XSS) #2

Closed
honcbb opened this issue May 7, 2017 · 1 comment
Closed

Cross-site Scripting (XSS) #2

honcbb opened this issue May 7, 2017 · 1 comment

Comments

@honcbb
Copy link

honcbb commented May 7, 2017

parameter value without rigorous filtration

File:Index.php

Poc Payload:

http://site/index.php?keyword=%22%3E%3Csvg/onload=alert(domain)%3E%22

Vesrion:5.2

unnamed

keyword does not check the output and input points, resulting in code triggering

unnamed 1

Resolving: Filtering encoding or escaping

@cooltey
Copy link
Owner

cooltey commented May 8, 2017

issue resolve at version v5.2

@cooltey cooltey closed this as completed May 8, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants