POC如下:
Dashboard—->Tools—->Shortcodes,Actions and Filters—->Add New —->fill name with “> and then fill any value with others. and then click “save” botton after done that,there would be the stored xxs
主要还是因为一些特殊字符如>等没有过滤从而导致了存储型的XXS
莆田SEO网络安全研究
POC如下:
Dashboard—->Tools—->Shortcodes,Actions and Filters—->Add New —->fill name with “> and then fill any value with others. and then click “save” botton after done that,there would be the stored xxs
主要还是因为一些特殊字符如>等没有过滤从而导致了存储型的XXS