@websec007
2017-05-06T23:54:29.000000Z
字数 664
阅读 1908
未分类
在此输入正文
<!DOCTYPE html>
<html>
<head>
<title><?php echo $_GET[''];?></title>
</head>
<body>
<center>
<h1>
<?php
$title = htmlspecialchars($_GET['title']);
echo $title;
?>
</h1>
<p>
content ......
</p>
</center>
</body>
</html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>XSS原理重现</title>
</head>
<body>
<form action="" method="get">
<input type="text" name="xss_input">
<input type="submit">
</form>
<hr>
<?php
$xss = $_GET['xss_input'];
echo '你输入的字符为<br>'.$xss;
?>
</body>
</html>
文章链接:
1. 51cto XSS的原理分析与解剖:http://netsecurity.51cto.com/art/201408/448305_all.htm