First, test the input filtering. As usual, start with the mail content: enter <script>alert('xsss')</script>
in both the subject and the body fields. When the message is submitted, the content is filtered. Input filtering alone does not rule out XSS (for many reasons),
so next we look at the XSS filtering on the subject. A quick test shows that the < and > characters are filtered; no other tags were tested.
Test code: enter \x3C\x73\x63\x72\x69\x70\x74\x3E (the hex-escaped encoding of <script>).
If the output is not filtered either, the XSS goes through: as long as the output side does not filter it, the XSS in the subject is triggered when the message is viewed in the logged-in mailbox.
Then send it to the test account to try to bypass the output filtering.
The test code used: \x3C\x73\x63\x72\x69\x70\x74\x3E\x61\x6C\x65\x72\x74\x28\x27\x58\x53\x53\x27\x29\x3B\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E
After the email is sent successfully, we receive it, refresh, and it fires:
Both the input and the output filtering are bypassed: XSS.
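The two filtering points above are the whole story of this finding: the subject filter removes literal angle brackets on input, but a hex-escaped value contains none, and the brackets only reappear when the stored value is later interpreted by a JavaScript string context in the page. The following added example (not code from the original write-up; all values are constructed) models that sequence and shows that the check which actually holds is encoding for the HTML context at the point the value is written out, after any decoding has happened. The functions stripAngleBrackets, decodeHexEscapes, htmlEncode, containsRawTag, renderSubject and evaluate are illustrative names, not part of any real webmail code.

```javascript
// Added example (not from the original write-up): why an input-side filter that only
// strips "<" and ">" is bypassed by a hex-escaped payload, and why encoding at the
// output (render) point is the check that actually holds. All values are constructed.

// The input filter as the write-up describes it: literal angle brackets are removed.
function stripAngleBrackets(s) {
  return s.replace(/[<>]/g, "");
}

// Simulates what happens when the stored value is later emitted into a context that
// interprets \xHH escapes (a JavaScript string literal in the page): each escape
// becomes the character it encodes, so "<" and ">" reappear after the filter ran.
function decodeHexEscapes(s) {
  return s.replace(/\\x([0-9a-fA-F]{2})/g, (_, hh) =>
    String.fromCharCode(parseInt(hh, 16))
  );
}

// HTML-context output encoding, applied at the point the value is written into the DOM.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Detection helper: does the rendered string still contain a raw HTML tag opener?
function containsRawTag(s) {
  return /<\s*\/?[a-zA-Z]/.test(s);
}

// Renders the stored subject the way the page would: the escapes are decoded by the
// script context first; the only difference is whether output encoding follows.
function renderSubject(stored, encodeOnOutput) {
  const decoded = decodeHexEscapes(stored);
  return encodeOnOutput ? htmlEncode(decoded) : decoded;
}

// Constructed sample: the escaped form of <script>alert('XSS');</script> as typed into
// the subject field (backslashes are doubled because this is JS source).
const ESCAPED_SUBJECT =
  "\\x3C\\x73\\x63\\x72\\x69\\x70\\x74\\x3E\\x61\\x6C\\x65\\x72\\x74\\x28\\x27\\x58\\x53\\x53\\x27\\x29\\x3B\\x3C\\x2F\\x73\\x63\\x72\\x69\\x70\\x74\\x3E";

// Summarises the three states so the outcome can be checked as return values.
function evaluate(subject) {
  const afterInputFilter = stripAngleBrackets(subject);
  return {
    inputFilterChangedNothing: afterInputFilter === subject,
    rawTagWithoutOutputEncoding: containsRawTag(renderSubject(afterInputFilter, false)),
    rawTagWithOutputEncoding: containsRawTag(renderSubject(afterInputFilter, true)),
  };
}

console.log(evaluate(ESCAPED_SUBJECT));
```

Run with node: the input filter leaves the escaped subject untouched, the decoded value contains a raw tag when nothing is encoded on output, and the same value contains none once htmlEncode runs at the render point. The design point is that the encoder has to run after every decoding step the page performs, in the encoding appropriate to the final context, rather than as a character blacklist on the way in.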
Of course, the pop-up box is not the goal; stored XSS is far more dangerous, and stealing cookies or other operations is the real purpose.
Write a script of your own;
for example, I call www.xxoo.com/xss.js.
We can use the
Then encode it.
Of course, XSS mining is not as simple as it is written in this article; you have to test it step by step. A semi-automatic tool such as DOMinator is recommended.
That's it, good luck.