发射型XSS
漏洞的原理及修复方法
1.常见的触发场景
2.漏洞原理
3.漏洞危害
4.一些tips
5.如何避免&修复漏洞
直接将用户数据输出到浏览器,没有做安全处理
搜索:
www-data@:~/controller$ vim searchController.class.php
<?php
class secrchController extends baseController{
public $conn;
public function searchAction()
$keyword = request('keyword');
if( $keyword && $this->loged){
$model = new searchModel();
$feeds = $model->search($keyword);
$username = $this->username;
$url = '/index.php?c=mission&a=feed';
include 'tpl/search.tpl';
}elseif($this->loged){
$redirect = request('url');
$url = '/index.php?=mission&a=feed';
$username = $this->username;
include 'tpl/search.tpl';
}else{
$redirectURL = urlencode('http://poper.com/index.php?c=search&a=search');
header("Location: /index.php?c=index&url=".$redirectURL);
}
}
}
---------------------------------------------------------------------------------
www-data@:~/controller$ vim searchModel.class.php
<?php