文章来源 |MS08067 Java代码审计5期作业
本文作者:zoom7
1、全局搜索XSS Filter 未发现对XSS进行过滤
![图片[1]-记一次简单的XSS漏洞审计(xss漏洞的正确分类)-Pikachu Hacker](https://blog.x8s.pw/proxy.php?url=https://secpulseoss.oss-cn-shanghai.aliyuncs.com/wp-content/uploads/1970/01/beepress-image-194655-1672901491.png)
2、登录后发现XSS功能点
![图片[2]-记一次简单的XSS漏洞审计(xss漏洞的正确分类)-Pikachu Hacker](https://blog.x8s.pw/proxy.php?url=https://secpulseoss.oss-cn-shanghai.aliyuncs.com/wp-content/uploads/1970/01/beepress-image-194655-1672901495.png)
3、测试
![图片[3]-记一次简单的XSS漏洞审计(xss漏洞的正确分类)-Pikachu Hacker](https://blog.x8s.pw/proxy.php?url=https://secpulseoss.oss-cn-shanghai.aliyuncs.com/wp-content/uploads/1970/01/beepress-image-194655-1672901496.png)
4、抓包查看路由
![图片[4]-记一次简单的XSS漏洞审计(xss漏洞的正确分类)-Pikachu Hacker](https://blog.x8s.pw/proxy.php?url=https://secpulseoss.oss-cn-shanghai.aliyuncs.com/wp-content/uploads/1970/01/beepress-image-194655-1672901497.png)
5、debug,更新数据库未做过滤
![图片[5]-记一次简单的XSS漏洞审计(xss漏洞的正确分类)-Pikachu Hacker](https://blog.x8s.pw/proxy.php?url=https://secpulseoss.oss-cn-shanghai.aliyuncs.com/wp-content/uploads/1970/01/beepress-image-194655-1672901500.png)
![图片[6]-记一次简单的XSS漏洞审计(xss漏洞的正确分类)-Pikachu Hacker](https://blog.x8s.pw/proxy.php?url=https://secpulseoss.oss-cn-shanghai.aliyuncs.com/wp-content/uploads/1970/01/beepress-image-194655-1672901513.png)
6、输出也未过滤
![图片[7]-记一次简单的XSS漏洞审计(xss漏洞的正确分类)-Pikachu Hacker](https://blog.x8s.pw/proxy.php?url=https://secpulseoss.oss-cn-shanghai.aliyuncs.com/wp-content/uploads/1970/01/beepress-image-194655-16729015131.png)
7、多个功能点xss弹窗
![图片[8]-记一次简单的XSS漏洞审计(xss漏洞的正确分类)-Pikachu Hacker](https://blog.x8s.pw/proxy.php?url=https://secpulseoss.oss-cn-shanghai.aliyuncs.com/wp-content/uploads/1970/01/beepress-image-194655-1672901514.png)
![图片[9]-记一次简单的XSS漏洞审计(xss漏洞的正确分类)-Pikachu Hacker](https://blog.x8s.pw/proxy.php?url=https://secpulseoss.oss-cn-shanghai.aliyuncs.com/wp-content/uploads/1970/01/beepress-image-194655-1672901515.png)
本文作者:Ms08067安全实验室
本文为安全脉搏专栏作者发布,转载请注明:https://www.secpulse.com/archives/194655.html
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
暂无评论内容