The stored XSS payload lands in the database because one input path is not filtered. This was found through fuzz testing. During the test, the album title, description and category were all either filtered or truncated (the areas circled in the screenshots were all tested), so those fields can be ruled out.

Continuing the album-creation flow, you reach the step of adding a video. Since this part must also write to the database, and with so many inputs not every one will have been covered, one is bound to have been missed. To make testing easier, search for a video and add it to an album. Note that there is an edit function for the video title here; is this field filtered? With that in mind, I entered the test string. Sure enough, it is not filtered at this point.

Once we know the test string is stored unfiltered, we only need to find where it is output on 56.com. Go to My Album and click to open the image; the corresponding address is http://www.56.com/w83/album-aid-11678296.html, and our cookie pops up.
56.com also provides many sharing features, so this attack can be carried out very quietly: one only needs to share the link, and anyone who opens it is hit: http://www.56.com/w83/album-aid-11678296.html

Solution:

Filter the video edit title and escape the corresponding HTML code.
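The fix described above, as an added example that is not part of the original report and not 56.com's code: user-supplied text such as a video title is length-limited on the way in and HTML-escaped at the point where it is written into the page, for both element content and attribute values. The function names, the 60-character limit and the album record shape are assumptions made for illustration.

```javascript
// Added example (not from the original report): escape user-supplied text
// before it is placed into HTML, so a stored video/album title renders as
// plain text instead of being interpreted as markup.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace every HTML metacharacter with its entity. Applied at output time,
// where the HTML context is known, rather than on input.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side handling for the video title (hypothetical limit of 60 chars;
// the report does not give 56.com's actual limit). Storage keeps the raw
// text so that legitimate "&" or "<" characters in a title are not lost.
function normalizeTitle(title, maxLength = 60) {
  const trimmed = String(title).trim();
  return trimmed.length > maxLength ? trimmed.slice(0, maxLength) : trimmed;
}

// Attribute escaping alone does not make a URL safe to use as a link target,
// so only same-origin relative paths and http(s) URLs are accepted here.
function safeHref(url) {
  const s = String(url).trim();
  if (s.startsWith("/") && !s.startsWith("//")) return s;
  if (/^https?:\/\//i.test(s)) return s;
  return "#";
}

// Render the album page fragment. Every interpolation of user data goes
// through escapeHtml(), including the attribute values.
function renderAlbumVideo(video) {
  const title = escapeHtml(video.title);
  const href = escapeHtml(safeHref(video.href));
  return `<div class="album-video"><a href="${href}" title="${title}">${title}</a></div>`;
}

// Constructed sample: a title containing HTML metacharacters.
const sample = {
  title: normalizeTitle('My <b>clip</b> & "friends"'),
  href: "/album/12345",
};
console.log(renderAlbumVideo(sample));
```

Escaping on output, rather than stripping tags on input, is what closes the gap the report describes: a second input path that skips the input filter (here, the video edit title) still cannot inject markup, because the page-rendering code treats every stored string the same way.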