XSS vulnerability:

Vulnerable code:

<%
   ' Read the "xss" request parameter
   xss=request("xss")
   ' Written back to the page without encoding: reflected XSS
   response.write(xss)
%>

Exploit:

Bug fix:

Server.HTMLEncode(string): The HTMLEncode method applies HTML encoding to a specified string. The fixed code is as follows:
<%
   xss=request("xss")
   ' HTML-encode the value before it is written into the page
   xss=Server.HTMLEncode(xss)
   response.write(xss)
%>
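
The same fix applied per output context, as an added example (not code from the original post). It assumes the value is also echoed into a quoted attribute; `AttrEncode`, the 100-character cap and the explicit `Request.QueryString` read are illustrative assumptions. `Server.HTMLEncode` leaves the single quote unencoded, so the helper covers it for attribute values.

```asp
<%@ Language="VBScript" CodePage="65001" %>
<%
Option Explicit

' Declare the charset so the browser decodes the page the same way
' the server encoded it.
Response.Charset = "UTF-8"

' Hypothetical helper (not part of ASP): encode a value for use inside
' a quoted HTML attribute. Server.HTMLEncode handles < > & and the
' double quote; the single quote is encoded here as well.
Function AttrEncode(ByVal s)
    AttrEncode = Replace(Server.HTMLEncode(s), "'", "&#39;")
End Function

Dim xss
' Read from the one collection the page expects. Request("xss") would
' also search Form, Cookies and ServerVariables. The "" & coerces a
' missing parameter to an empty string.
xss = "" & Request.QueryString("xss")

' Constructed limit for this example: cap the echoed value's length.
If Len(xss) > 100 Then xss = Left(xss, 100)
%>
<!-- HTML body context: Server.HTMLEncode is the correct encoder -->
<p><%= Server.HTMLEncode(xss) %></p>

<!-- Attribute context: always quote the attribute and encode quotes -->
<input type="text" name="xss" value="<%= AttrEncode(xss) %>">
```

Neither encoder is suitable for a value written into a `<script>` block or a URL; those contexts need their own encoding.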

About me: A network security enthusiast dedicated to sharing original, high-quality practical content. You are welcome to follow my personal WeChat public account, Bypass–, to browse more articles.