inurl:".asp?strParents="

  • 日期:2016-03-28
  • 类别:
  • 作者:anonymous
  • 语法:inurl:".asp?strParents="
  • Author: Charley Celice (@charleycelice)

    99% of sites I found using this dork are vulnerable to XSS attacks. The

    "strParents" parameter seems to always be injectable.

    Example:

    https://example/whatever.asp?strParents=

    "/>&CAT_ID=1337&whatever=1337&etc...

    -stmerry