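Z-blog FUNCTION/c_function.asp cross-site scripting vulnerability

Vulnerability description:

Z-Blog is a blog (weblog) program built on the ASP platform. It supports WAP and browsers such as Firefox and Opera, is very widely used in China, and its official homepage is http://www.rainbowsoft.org/. Z-blog's code is rigorous, its front end is simple and its back end is powerful, which gives the product a considerable security advantage. However, as with the previous XSS vulnerability, 80sec has again found a serious cross-site scripting vulnerability in the product, and combined with some aspects of the product's design it may have serious consequences.

In FUNCTION/c_function.asp, the program has a flaw in how it processes UBB tags, which allows any user to execute JavaScript code in the target page; with that code a malicious user can obtain privileges on the target site. The vulnerable code is as follows: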
Function UBBCode(ByVal strContent,strType)

' Replacement strings survive on this page only as the bare back-reference;
' the link markup they build around it is not preserved here.
Dim objRegExp
Set objRegExp=new RegExp
objRegExp.IgnoreCase =True
objRegExp.Global=True

If ZC_UBB_LINK_ENABLE And Instr(strType,"[link]")>0 Then

' [URL]scheme://...[/URL]
objRegExp.Pattern="(\[URL\])(([a-zA-Z0-9]+?):\/\/\S+?)(\[\/URL\])"
strContent= objRegExp.Replace(strContent,"$2")

' [URL]anything[/URL] : runs over the output of the previous pass
objRegExp.Pattern="(\[URL\])(.+?)(\[\/URL\])"
strContent= objRegExp.Replace(strContent,"$2")

' [URL=scheme://...]text[/URL]
objRegExp.Pattern="(\[URL=)(([a-zA-Z0-9]+?):\/\/\S+?)(\])(.+?)(\[\/URL\])"
strContent= objRegExp.Replace(strContent,"$5")

' [URL=anything]text[/URL]
objRegExp.Pattern="(\[URL=)(\S+?)(\])(\S+?)(\[\/URL\])"
strContent= objRegExp.Replace(strContent,"$4")

' [EMAIL]user@host[/EMAIL]
objRegExp.Pattern="(\[EMAIL\])(\S+\@\S+?)(\[\/EMAIL\])"
strContent= objRegExp.Replace(strContent,"$2")

' [EMAIL=user@host]text[/EMAIL]
objRegExp.Pattern="(\[EMAIL=)(\S+\@\S+?)(\])(.+?)(\[\/EMAIL\])"
strContent= objRegExp.Replace(strContent,"$4")

End If

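As the code shows, the regular expressions are not strict and are matched repeatedly over the same content, which easily leads to logic problems; carefully constructed input is enough to trigger the cross-site scripting vulnerability: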

[URL][URL]http://=style=c:expression(alert())[/URL][/URL]

This input causes alert() to be executed in a loop; it could of course be changed to run other JavaScript.
<* Reference
 http://www.80sec.com/zblog-xss.html
 *>
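The following is an added example, not code from Z-Blog or from the 80sec advisory: a Python model of the first two [URL] passes shown above, next to a single-pass converter that escapes its input and never rescans its own output. The link template is an assumption (the page's replacement strings survive only as `$2`), and the function names and scheme allowlist are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed link template: the page's replacement strings survive only as "$2".
LINK = '<a href="{0}" target="_blank">{0}</a>'
# The nested-tag input quoted in the advisory.
PAYLOAD = "[URL][URL]http://=style=c:expression(alert())[/URL][/URL]"
ALLOWED_SCHEMES = {"http", "https", "ftp"}  # hypothetical allowlist


def ubb_sequential(text):
    """Model of UBBCode(): each global pass rescans the previous pass's HTML."""
    wrap = lambda m: LINK.format(m.group(1))
    text = re.sub(r"\[URL\]([a-zA-Z0-9]+?://\S+?)\[/URL\]", wrap, text, flags=re.I)
    # The inner tag is now HTML; this pass wraps that HTML inside another href.
    return re.sub(r"\[URL\](.+?)\[/URL\]", wrap, text, flags=re.I)


def ubb_single_pass(text):
    """Escape all input, then convert each [URL] tag once; output is not rescanned."""
    def render(m):
        try:
            scheme = urlsplit(html.unescape(m.group(1))).scheme.lower()
        except ValueError:
            scheme = ""
        # Anything outside the allowlist stays as inert, already-escaped text.
        return LINK.format(m.group(1)) if scheme in ALLOWED_SCHEMES else m.group(0)
    # The tag body may not contain brackets or whitespace, so tags cannot nest.
    return re.sub(r"\[URL\]([^\[\]\s]+)\[/URL\]", render,
                  html.escape(text, quote=True), flags=re.I)


if __name__ == "__main__":
    print(ubb_sequential(PAYLOAD))   # inner anchor's quote closes the outer href
    print(ubb_single_pass(PAYLOAD))  # one anchor, outer tag left as literal text
```

In the sequential model the quote that opens the inner `href` terminates the outer one, so the rest of the URL is parsed as attributes; the single-pass version emits exactly one anchor whose attribute value is escaped.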