Design defects of Youku Resource Management System V1.0

/* The previous security question is submitted quickly. If you don't see any more, you can merge and submit it together! */
 
Use this page to review Logon: http://tt.youku.com/admin/up.jsp
 
 
 
 



 
Of course, you do not have the permission to perform operations, but you can modify the USER parameter to log on to any user id. (This is too weak. Who made the system? I found that the internal systems of some large companies are like this !)
 
Http://tt.youku.com/admin/main1.jsp? USER = admin
 
 
 
Not to mention adding storage-type XSS to data! Www.2cto.com
 
 
 
 
However, the system seems to have been useless for a long time. I don't know if the mobile phone users can still see it ?)
 
 
Solution:

If the USER parameter is modified in this way, the reflected persistent XSS can be formed (each operation can be played !) (There are other interesting issues, such as adding the blocked url in the menu item to the "Resource Name" to ensure normal access !)
 
 
Http://tt.youku.com/admin/main1.jsp? USER = <script> alert (/xss/); </script>
 
 
 
 
 
 
 
Haha! I don't know how to describe this system! Maybe it's just a short schedule!
 
 
Copyright Disclaimer: Reprinted with the source shine