This repository has been archived by the owner on Oct 25, 2023. It is now read-only.

High-severity XSS in the Links plugin #6

Closed
Erope opened this issue Mar 15, 2020 · 3 comments
Labels
bug Something isn't working

Comments


Erope commented Mar 15, 2020

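This plugin has been analyzed by others before. In short:

  1. Adding Links has no authorization check; they can be added without logging in
  2. Added Links are not filtered, so XSS is easy

Exploitation difficulty is low, with almost no preconditions.
A detailed analysis is available at: https://cloud.tencent.com/developer/article/1180747
Thanks.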
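
The two points reported above map to two separate checks: an authorization gate on the write path and validation plus output encoding of the stored fields. The sketch below is an added example, not the plugin's code or the maintainer's fix; the function names, the `is_admin` session flag, the in-memory store and the length limit are all hypothetical.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_NAME_LEN = 64  # assumed limit, not taken from the plugin


class LinkRejected(Exception):
    """Raised when a submission fails the auth or validation checks."""


def validate_link(name, url):
    """Return a cleaned (name, url) pair or raise LinkRejected."""
    name, url = name.strip(), url.strip()
    if not name or len(name) > MAX_NAME_LEN:
        raise LinkRejected("bad name length")
    if any(ord(c) < 0x20 for c in name + url):
        raise LinkRejected("control character in field")
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        raise LinkRejected("malformed URL")
    # Rejects javascript:, data:, and scheme-less values.
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
        raise LinkRejected("only absolute http(s) URLs are accepted")
    return name, url


def add_link(session, store, name, url):
    """Point 1: refuse the write unless the caller is a logged-in admin."""
    if not session.get("is_admin"):  # hypothetical session flag
        raise LinkRejected("authentication required")
    store.append(validate_link(name, url))


def render_links(store):
    """Point 2: HTML-escape every stored field when building the page."""
    items = [
        '<li><a href="{}" rel="noopener">{}</a></li>'.format(
            html.escape(url, quote=True), html.escape(name))
        for name, url in store
    ]
    return "<ul>" + "".join(items) + "</ul>"
```

Validation on input and escaping on output are kept separate on purpose: records stored before a fix was deployed never passed `validate_link`, so the render path must not trust them.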

Author

Erope commented Mar 15, 2020

As a demonstration, an XSS alert has been placed on your blog. There is no malicious intent; please delete it as soon as you see this.

@bakaomg bakaomg added the bug Something isn't working label Mar 15, 2020
Owner

bakaomg commented Mar 15, 2020

Fixed. Please update as soon as possible.

Author

Erope commented Mar 15, 2020

Thanks ohmygattttttttql

@Erope Erope closed this as completed Mar 15, 2020