How can the XSS filter be applied globally? The API module has been hit by XSS injection
Version: renren-security 1
Development environment:
1. Login to the application as an authorized user.
2. Click the “Asking for advice” or “求教专区” button.
3. Click on the “Add” button.
4. Save a new piece of advice with a payload of “<img src=x onerror=alert(4)>”.
5. Click the “Asking for advice” or “求教专区” button.
6. Click on the newly created advice to observe the XSS.
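
One way to apply input escaping to every request of a module, as an added example that is not part of the original post and is not renren-security's own code. It assumes a Spring Boot 2.x application using the `javax.servlet` API; the class names `GlobalXssConfig`, `EscapingRequest` and `EscapingFilter` and the `/*` pattern are hypothetical.

```java
// Added example: class names and the URL pattern are assumptions, not project code.
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.util.HtmlUtils;

@Configuration
public class GlobalXssConfig {
    /** HTML-escapes every query/form parameter value before controllers read it. */
    public static class EscapingRequest extends HttpServletRequestWrapper {
        public EscapingRequest(HttpServletRequest request) { super(request); }

        @Override
        public String getParameter(String name) {
            String value = super.getParameter(name);
            return value == null ? null : HtmlUtils.htmlEscape(value);
        }

        @Override
        public String[] getParameterValues(String name) {
            String[] values = super.getParameterValues(name);
            if (values == null) return null;
            String[] escaped = new String[values.length];
            for (int i = 0; i < values.length; i++) escaped[i] = HtmlUtils.htmlEscape(values[i]);
            return escaped;
        }
        // Not covered here: getParameterMap(), headers, and JSON request bodies.
    }

    /** Wraps each incoming request so downstream code only sees escaped parameters. */
    public static class EscapingFilter implements Filter {
        @Override public void init(FilterConfig config) {}
        @Override public void destroy() {}
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            chain.doFilter(new EscapingRequest((HttpServletRequest) req), res);
        }
    }

    /** Registers the filter for all paths of the module that loads this configuration. */
    @Bean
    public FilterRegistrationBean<EscapingFilter> xssFilterRegistration() {
        FilterRegistrationBean<EscapingFilter> reg = new FilterRegistrationBean<>(new EscapingFilter());
        reg.addUrlPatterns("/*");
        return reg;
    }
}
```

With this in place the payload from step 4 reaches the controller as `&lt;img src=x onerror=alert(4)&gt;`. A parameter wrapper does not see values sent in a JSON body, so the page that renders the saved advice should still HTML-encode it on output.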