[I] rpcz功能未经过滤输出到网页中，存在存储型XSS漏洞 (brpc)

via GitHub Sat, 07 Oct 2023 01:52:58 -0700


l1ubai opened a new issue, #2401:
URL: https://github.com/apache/brpc/issues/2401


   **rpcz功能未经过滤输出到网页中，存在存储型XSS漏洞**
   
   
   **To Reproduce (复现方法)**
   
   enable rpcz
   
![image](https://github.com/apache/brpc/assets/104127337/2f7a261e-5e90-49ce-986e-8aef2be9b610)
   
   之后向服务器发送存在恶意js的请求
   
   
![image](https://github.com/apache/brpc/assets/104127337/0318bed7-9196-4473-a7f8-7dc0d24e67a2)
   
   再次访问rpcz接口，恶意js会触发，造成存储XSS问题
   
![image](https://github.com/apache/brpc/assets/104127337/e6fc9cb7-d62b-4270-adc7-00bc68019e6e)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[I] rpcz功能未经过滤输出到网页中，存在存储型XSS漏洞 (brpc)

Reply via email to