How to apply the XSS filter globally: the API module was hit by XSS injection

Question Unresolved 2 87
ming VIP3 2021-06-08
Bounty: 80 points
Version: renren-security 1 Development environment:
1. Log in to the application as an authorized user.
2. Click the “Asking for advice” or “求教专区” button.
3. Click on the “Add” button.
4. Save a new piece of with a payload of “<img src=x onerror=alert(4)>”.
5. Click the “Asking for advice” or “求教专区” button.
6. Click on the newly created advice to observe the XSS.
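Replies
  • Copy the xss from admin into api.
    0 replies
  • Hasn't renren-api always had XSS filtering? How was it attacked? We are going to use this module soon too, so what security risks are there?
    0 replies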