XSS cross-site scripting

XSS holes:

Vulnerability code:

<%
   xss=request("xss")
   response.write(xss)
%>
Copy the code

Exploit:

Bug fix:

Server.htmlencode (string) : The HTMLEncode method applies HTML encoding to a specified string. The fix code is as follows:Copy the code

<%
   xss=request("xss")
   xss=Server.HTMLEncode(xss)
   response.write(xss)
%>
Copy the code

About me: A network security enthusiast, dedicated to sharing original high-quality dry goods, welcome to follow my personal wechat public account: Bypass–, browse more wonderful articles.

Related Posts

Wewe: Open wechat, Slack and other group chat messages to the Internet

[Domain Driven Design practice] not to brag, but! To transfer Github fans to the public account, I did it!

Jingdong Taro: use technology liberation applet | comments on productivity