Reflected cross-site scripting on the game site doyo.cn.
The URL parameters are not filtered and are used to build the web page. If a parameter contains malicious cross-site code, the browser executes that code, resulting in a cross-site attack. There are two cross-site issues on doyo.cn, which can be used for phishing and Trojan attacks and may harm the site's users.
The first is non-persistent cross-site: http://www.doyo.cn/User/Passport/registerStep2?Username=<script>alert(/test by Jie DS/)</script>&email=<script>alert(/test by Jie DS/)</script>
The Username and email parameters are not filtered as necessary, so cross-site code added to these parameters is executed immediately.
The second is persistent cross-site. After a user is registered at http://www.doyo.cn/user/aspasp, the profile page in the personal center does not perform the necessary filtering. If cross-site code is entered there, the web page that displays the personal information executes it.
First URL: http://www.doyo.cn/User/Passport/registerStep2?Username=<script>alert(/test by Jie DS/)</script>&email=<script>alert(/test by Jie DS/)</script>
Second URL: http://www.doyo.cn/user/aspasp
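The missing filtering described for both issues comes down to encoding values when they are written into the page. The following is an added example, not code from the site or the original report: the page layout, the function names and the example host are assumptions, and a harmless marker tag stands in for injected markup. The same encoded renderer applies whether the values come from URL parameters or from a stored profile record.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed request (hypothetical host and path); the <b id=probe> tag is a
# harmless marker standing in for markup placed in the parameters.
SAMPLE_URL = ("http://site.example/register/step2"
              "?username=<b id=probe>x</b>&email=%22%3E<b id=probe>y</b>")


def get_params(url):
    """Return the first value of each query parameter, URL-decoded."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def render_unfiltered(fields):
    """The flaw: values are concatenated into the page exactly as received."""
    return ('<p>Welcome, ' + fields.get("username", "") + '</p>\n'
            '<input name="email" value="' + fields.get("email", "") + '">')


def render_encoded(fields):
    """The fix: HTML-encode every value at output time.

    quote=True also encodes quotes, so a value cannot close the
    value="..." attribute it is written into.
    """
    user = html.escape(fields.get("username", ""), quote=True)
    email = html.escape(fields.get("email", ""), quote=True)
    return ('<p>Welcome, ' + user + '</p>\n'
            '<input name="email" value="' + email + '">')


def markup_survives(page, marker="<b id=probe>"):
    """True if the marker reached the page as live markup (regression check)."""
    return marker in page


if __name__ == "__main__":
    fields = get_params(SAMPLE_URL)
    print("unfiltered page carries markup:", markup_survives(render_unfiltered(fields)))
    print("encoded page carries markup:   ", markup_survives(render_encoded(fields)))
    print(render_encoded(fields))
```
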