XSS vulnerability:
Vulnerable code:
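<%
' Read the "xss" request parameter
xss=request("xss")
' Written back to the page without any encoding (the vulnerable line)
response.write(xss)
%>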
Exploit:
Bug fix:
Server.HTMLEncode(string): the HTMLEncode method applies HTML encoding to a specified string, so the browser renders the value as text instead of parsing it as markup. The fixed code is as follows:
<%
' Read the "xss" request parameter
xss=request("xss")
' HTML-encode the value before it is written into the page
xss=Server.HTMLEncode(xss)
response.write(xss)
%>
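The same fix carried through the places a reflected parameter usually lands in a page, as an added example that is not code from the original post. The `ReadParam` helper, the 200-character cap and the `search.asp` link target are assumptions made for illustration.

```asp
<%@ Language="VBScript" CodePage="65001" %>
<%
Option Explicit
' Declare the response encoding so the browser does not have to guess it
Response.Charset = "utf-8"

' Hypothetical helper (not part of ASP): read one query-string value,
' trim it and cap its length before it is used anywhere in the page.
Function ReadParam(name, maxLen)
    Dim v
    ' "" & ... turns a missing parameter into an empty string
    v = Trim("" & Request.QueryString(name))
    If Len(v) > maxLen Then v = Left(v, maxLen)
    ReadParam = v
End Function

Dim xss
xss = ReadParam("xss", 200)   ' 200 is an assumed limit for this example
%>
<!DOCTYPE html>
<html>
<body>
  <!-- Element content: encode at the point of output -->
  <p>You searched for: <%= Server.HTMLEncode(xss) %></p>

  <!-- Attribute value: keep it double-quoted, since the double quote
       is one of the characters HTMLEncode converts to an entity -->
  <input type="text" name="xss" value="<%= Server.HTMLEncode(xss) %>">

  <!-- URL component inside an attribute: URLEncode for the query string,
       then HTMLEncode for the attribute it sits in (search.asp is hypothetical) -->
  <a href="search.asp?xss=<%= Server.HTMLEncode(Server.URLEncode(xss)) %>">Repeat search</a>
</body>
</html>
```

Encoding happens where the value is written rather than where it is read, so the stored variable stays raw and each output context gets the encoder that matches it.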
About me: A network security enthusiast dedicated to sharing original, high-quality practical content. You are welcome to follow my personal WeChat public account, Bypass–, to browse more articles.