Stored XSS in multiple locations on a Youku sub-site (reaches the admin backend), and deletion of any post by ordinary users
Four stored XSS issues were found: two can be used to capture cookies, one of them reaching the administrator, and another can only be used to XSS oneself. Separately, an ordinary user can delete any post.
juhai.youku.com
After seeing this earlier report:
WooYun: Youku xss inserts chrysanthemum background and injects
I also wanted to see if there were any vulnerabilities. After two consecutive days of testing, the following problems turned up:
1. Stored cross-site scripting (XSS)
When posting:
Some filtering is done, but it is incomplete. Insert:
Replies to a post are also vulnerable to XSS:
The code above can capture a user's cookie. Capturing the administrator's cookie requires being the original poster of the thread.
Posting is rejected with "The content cannot contain HTML characters!", but capturing the request and adding the malicious code to the packet gets past this check, and the administrator's cookie is then captured.
2. Deleting any user's posts
Each post corresponds to a postId. When deleting a post, you can capture the request and change the postId to that of another post.
(The post used here is a demo post, not another user's.)
Proof of vulnerability:
Solution:
You know
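An added example (not part of the original report, and not Youku's code) of the two server-side checks whose absence sections 1 and 2 describe: encoding post bodies on output instead of relying on the form's "no HTML characters" message, and checking the postId in a delete request against the logged-in user. The Forum class, its method names and the sample post bodies are hypothetical.

```python
import html
from dataclasses import dataclass


@dataclass
class Post:
    post_id: int
    owner: str
    body: str  # stored exactly as submitted; encoded only when rendered


class Forum:
    """Minimal in-memory forum (hypothetical model for illustration)."""

    def __init__(self):
        self.posts = {}
        self.next_id = 1

    def create(self, user, body):
        # No reliance on a browser-side "no HTML characters" check: the
        # sender can edit the request body after the form has validated it.
        post = Post(self.next_id, user, body)
        self.posts[post.post_id] = post
        self.next_id += 1
        return post.post_id

    def render(self, post_id):
        # Encode on output so <, >, &, " and ' reach every viewer,
        # including the admin backend, as inert text.
        post = self.posts[post_id]
        return '<div class="post">' + html.escape(post.body, quote=True) + "</div>"

    def delete(self, session_user, post_id, is_admin=False):
        # The postId comes from the request and is client-controlled, so it
        # is authorized against the session user rather than just looked up.
        post = self.posts.get(post_id)
        if post is None:
            return 404
        if post.owner != session_user and not is_admin:
            return 403
        del self.posts[post_id]
        return 200
```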