A Baidu website allows account hijacking by chaining CSRF with XSS. It was originally a self-XSS. Later, I thought it might be possible to combine it with CSRF. Today I found that someone has already done this!
Baidu Dictionary - My Dictionary
Add a new word to the new-word book. The remarks field is not filtered, so JavaScript placed in it is executed directly.
This is a self-XSS, so on its own it cannot affect other users. Therefore, CSRF is used to add a word automatically, with the remarks set to [xss code].
Because it is a POST request, construct a page that submits it.
Then lure others into visiting this page.
Is there another JSON?
The content has something to do with Kingsoft.
http:\/\/res.iciba.com\/resource\/amp3\/0\/0\/90\/01\/9001507f72.mp3
So far, a word can be planted in a student's word book to steal his cookie, roam around his account, and send a short message to the Goddess.
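The two server-side controls that break this chain, shown as an added example that is not part of the original post and is not Baidu's code: a session-bound CSRF token on the add-word POST, and output encoding of the remarks field. The handler, the field names (`word`, `remarks`, `csrf_token`) and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import secrets

# Constructed server secret for the demo; a real deployment loads it from configuration.
SERVER_KEY = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Derive a token bound to the session; a cross-site page cannot read or compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def add_word(session_id: str, form: dict, wordbook: list) -> bool:
    """Hypothetical add-word POST handler: store the entry only if the token matches."""
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(session_id).encode()):
        return False  # forged cross-site POST: the cookie is sent, the token is not
    wordbook.append({"word": form.get("word", ""), "remarks": form.get("remarks", "")})
    return True


def render_entry(entry: dict) -> str:
    """Encode stored values on output so remarks are displayed as text, never as markup."""
    return "<li><b>{}</b>: {}</li>".format(
        html.escape(entry["word"], quote=True),
        html.escape(entry["remarks"], quote=True),
    )


def demo():
    session, book = "constructed-session-id", []
    remarks = "<script>alert(1)</script>"  # constructed sample remark
    forged = {"word": "test", "remarks": remarks}  # cross-site POST, carries no token
    genuine = dict(forged, csrf_token=csrf_token(session))  # sent from the site's own form
    results = (add_word(session, forged, book), add_word(session, genuine, book))
    return results, [render_entry(e) for e in book]


if __name__ == "__main__":
    print(demo())
```

Either control alone stops the hijack described here: without the forged POST the XSS stays self-inflicted, and with encoded remarks the planted entry is inert.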
In addition, there is another MySQL error, asking Daniel.