Ctrip main site XSS vulnerability

2022-04-21 16:36:00 Sword-heart

Vulnerability Details

Disclosure status:

2010-08-02: The details have been reported to the vendor and are awaiting the vendor's handling
2010-08-02: The vendor has confirmed; the details are disclosed only to the vendor
2010-08-12: The details are disclosed to core white hats and experts in related fields
2010-08-22: The details are opened to ordinary white hats
2010-09-01: The details are disclosed to white hats
2010-09-06: The details are made public

Brief description:

The main site has an XSS vulnerability (non-stored).

Detailed description:

Proof of vulnerability:

http://www.ctrip.com/rp/uiserver2.asp?action=<script>alert(/xss/)</script>

Remediation:
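
The following added example (not part of the original report and not Ctrip's code) shows how a non-stored XSS of this kind arises when a query parameter such as `action` is echoed into HTML, and how allow-listing plus output encoding closes it. The handler functions and the allow-list of action names are hypothetical, since the report does not show how `uiserver2.asp` uses the parameter.

```python
import html
from urllib.parse import parse_qs

# Hypothetical allow-list: the real action names of uiserver2.asp are not in the report.
ALLOWED_ACTIONS = {"login", "logout", "search"}


def get_action(query_string: str) -> str:
    """Return the first `action` value from a raw query string ('' if absent)."""
    return parse_qs(query_string, keep_blank_values=True).get("action", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Echo the parameter into HTML unencoded: the flaw class the report describes."""
    return "<p>Unknown action: " + get_action(query_string) + "</p>"


def render_hardened(query_string: str) -> tuple:
    """Allow-list the value and HTML-encode anything that is echoed back.

    Returns (http_status, html_body).
    """
    action = get_action(query_string)
    if action in ALLOWED_ACTIONS:
        return 200, "<p>Running action: " + html.escape(action) + "</p>"
    # Rejected input is still encoded before it reaches the error page,
    # so markup in the parameter is displayed as text instead of parsed.
    return 400, "<p>Unknown action: " + html.escape(action, quote=True) + "</p>"


if __name__ == "__main__":
    # Query string taken from the report's proof URL.
    poc = "action=<script>alert(/xss/)</script>"
    print("vulnerable:", render_vulnerable(poc))
    print("hardened:  ", render_hardened(poc))
    print("valid:     ", render_hardened("action=search"))
```
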

Copyright notice: Please cite the source when reprinting. Second master of Huo family @ Dark clouds

Copyright notice
This article was written by [Sword-heart]. Please include the original link when reprinting. Thank you.
https://yzsam.com/2022/04/202204211632371298.html