A ZAP scan of the application detected the "Web Browser XSS Protection Not Enabled" vulnerability on the sitemap and the favicon. Is it safe to ignore these URLs, or does it mean the application is vulnerable?

... to enable or disable the web browser's XSS protection mechanism. The following values would attempt to enable it: X-XSS-Protection: 1; report=ht
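As an added example (not code from the original post or its answer), the following JavaScript parses an X-XSS-Protection header value into what it asks the browser to do, and checks whether a scanner alert about that header is even meaningful for a given response. The relevance check rests on one assumption stated in the code: the legacy browser XSS auditor only ever acted on responses rendered as HTML documents, so a missing header on a non-HTML resource such as favicon.ico or sitemap.xml cannot by itself make a page exploitable. The sample responses are constructed, not captured from a real scan. One caveat worth keeping in mind: this header is non-standard and the auditor it controlled has been removed from Chromium-based browsers and was never implemented in Firefox, so Content-Security-Policy, not this header, is what actually mitigates XSS today.

```javascript
// Added example, not from the original post. Parses the legacy
// X-XSS-Protection header value. Recognised forms:
//   "0"                 disable the auditor
//   "1"                 enable it (filtering mode)
//   "1; mode=block"     enable it and block the whole page on detection
//   "1; report=<uri>"   enable it and send violation reports (Chromium only)
function parseXssProtection(value) {
  const result = { enabled: false, mode: "filter", reportUri: null, valid: true, missing: false };
  if (value === undefined || value === null) {
    return { ...result, valid: false, missing: true };
  }
  const parts = value.split(";").map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0 || !/^[01]$/.test(parts[0])) {
    return { ...result, valid: false }; // first token must be 0 or 1
  }
  result.enabled = parts[0] === "1";
  for (const directive of parts.slice(1)) {
    const eq = directive.indexOf("=");
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? "" : directive.slice(eq + 1).trim();
    if (name === "mode" && val.toLowerCase() === "block") {
      result.mode = "block";
    } else if (name === "report" && val) {
      result.reportUri = val;
    } else {
      result.valid = false; // unknown or malformed directive
    }
  }
  return result;
}

// Assumption: the auditor only ran on documents rendered as HTML, so the
// header is irrelevant for images, XML feeds, scripts, stylesheets, etc.
function headerAlertRelevant(responseHeaders) {
  const ct = (responseHeaders["content-type"] || "").toLowerCase();
  return ct.startsWith("text/html") || ct.startsWith("application/xhtml+xml");
}

// Triage one response the way a reviewer of the ZAP report would:
// "n/a" for non-HTML, otherwise "missing", "disabled", "invalid" or "enabled".
function triageResponse(responseHeaders) {
  if (!headerAlertRelevant(responseHeaders)) return "n/a";
  const parsed = parseXssProtection(responseHeaders["x-xss-protection"]);
  if (parsed.missing) return "missing";
  if (!parsed.valid) return "invalid";
  return parsed.enabled ? "enabled" : "disabled";
}

// Constructed sample responses (hypothetical paths and headers).
const sampleResponses = {
  "/": { "content-type": "text/html; charset=utf-8" },
  "/login": { "content-type": "text/html", "x-xss-protection": "1; mode=block" },
  "/favicon.ico": { "content-type": "image/x-icon" },
  "/sitemap.xml": { "content-type": "application/xml" },
};

function triageAll(responses) {
  const out = {};
  for (const [path, headers] of Object.entries(responses)) {
    out[path] = triageResponse(headers);
  }
  return out;
}

console.log(triageAll(sampleResponses));
```

Running the block prints one verdict per sample path; only the two HTML responses get a "missing" or "enabled" verdict, while the favicon and sitemap come back as "n/a".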
Here is some vulnerable JavaScript code:

    var payload = unescape(document.location.hash.substr(1));
    document.body.innerText = "The payload is: " + payload;

When I try to exploit it with this input:
http://localhost/xss.