Skip to content

CCW 手机版player无校验立即执行漏洞 #1

Description

@BenPaoDeXiaoZhi

攻击者可构造https://www.ccw.site/player/oid?autorun=1&fullscreen=false
格式的url,利用手机版不弹出扩展警告的漏洞进行恶意脚本执行
未发现大范围在野利用

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions