Pseudo-protocol-based remote code injecting loophole detecting method

The invention discloses a pseudo-protocol-based remote code injecting loophole detecting method. The method comprises the following steps that firstly, an executable file is established, and a first command parameter which is obtained during executing of the executable file is set as a character string; secondly, a pseudo protocol F is registered in an operating system where a to-be-detected object Web browser exists, the designation of the pseudo protocol F is a character string K, and a kernel opening command is a route of the executable file in the operating system; thirdly, a hypertext markup language file H is built, and a uniform resource locator of the hypertext markup language file H is composed of the character string K and a remote injecting code; finally, the address pointed by the uniform resource locator L in the hypertext markup language file H is visited, and according to whether the to-be-detected object Web browser executes the remote injecting code or not, it is judged that whether a pseudo-protocol-based remote code injecting loophole exists or not. According to the method, the design is simple, the utilization is convenient, the extremely high permeability is provided, and the remote code injecting loophole which is deeply concealed in the Web browser can be found.