An XSS story from my own blog

Original link: https://www.leavesongs.com/PENETRATION/xss-from-my-blog.html

15ef69f3-c60c-4b8e-9826-46690e54fafd.4c1

I received a few reminders this evening, and I opened it and saw that someone was testing XSS in the comment area of ​​my blog:

image-20220619003454334-16555700950171.png

Originally this kind of testing is commonplace, and this person failed to find XSS, I mostly closed the page before it was released.

But tonight I didn’t know why, so I took a look at the code I wrote and found an XSS vulnerability by myself:

image-20220619003357418.png

what is the reason?

0x01 Introduction to Development History

When I was developing this reply button, for convenience, I directly used the JavaScript pseudo-protocol to call the reply_to function, such as:

image-20220619003805674.png

reply

This article is reprinted from: https://www.leavesongs.com/PENETRATION/xss-from-my-blog.html
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment

Your email address will not be published.