XSS cross-site scripting

XSS holes:

Vulnerability code:

<%
   xss=request("xss")
   response.write(xss)
%>
Copy the code

Exploit:

Bug fix:

Server.htmlencode (string) : The HTMLEncode method applies HTML encoding to a specified string. The fix code is as follows:Copy the code

<%
   xss=request("xss")
   xss=Server.HTMLEncode(xss)
   response.write(xss)
%>
Copy the code

About me: A network security enthusiast, dedicated to sharing original high-quality dry goods, welcome to follow my personal wechat public account: Bypass–, browse more wonderful articles.

Related Posts

CMake: aux_source_directory: aux_source_directory

Springboot original basic tutorial well done

【VRPD Problem 】 The ant colony algorithm is used to solve the VRPD problem of armored vehicle transportation