layuimini icon indicating copy to clipboard operation
layuimini copied to clipboard

Published 20 hours ago verified publisher icon zhongshaofa

一个安全性小建议

Open Chinalover opened this issue 4 years ago • 0 comments

http://layuimini.99php.cn/onepage/v2/index.html#/page/a../../../../../onepage/v2/images/logo.png 如果后面的图片是用户恶意上传的html 即使后缀是图片格式 依然可以触发xss吧

Chinalover avatar Nov 18 '20 14:11 Chinalover