Internet-based storage-type cross-site (other users have logged on)
Internet-based storage-type cross-site (other users have logged on)
You can see the homepage of the fence.
I went to see it.
Redecorate the review of live broadcasting
Http://bang.liba.com/site/198
Of course, a self-xss
However, when anyone browses this page and opens a comment, a script is triggered.
After receiving the cookie
Then log on to another account.
I can see from the registration time that xss entered, rather than registering a user to pretend to be in.
You can see the homepage of the fence.
I went to see it.
Redecorate the review of live broadcasting
Http://bang.liba.com/site/198
Of course, a self-xss
However, when anyone browses this page and opens a comment, a script is triggered.
After receiving the cookie
Then log on to another account.
I can see from the registration time that xss entered, rather than registering a user to pretend to be in.
Solution:
Repair Filtering