A CSRF (cross-site request forgery) and XSS (cross-site scripting) vulnerability exists in a Douban service.
Several CSRF vulnerabilities exist at Douban, most of them because the ck value is not checked.
If you create a page that submits the parameters name=&blog_id=9294311 by POST to the interface http://9.douban.com/reader/j_mkdir, a subscription directory is added in douban9; no ck value is checked to prevent cross-origin submission. In addition, the name value is not HTML-filtered, which causes a cross-site scripting vulnerability when the page renders it after you click the drop-down menu.
This vulnerability may cause harm because the ck value here is stored in the cookie and, within a session, is the same as the ck value at www.douban.com. This can lead to CSRF attacks against every place in the Douban service where the ck value is verified.
The same CSRF issue, also caused by the unchecked ck value, affects: j_rename, j_delete_blog, j_delete_dir.
Proof of vulnerability:
http://kevin1986.com/plus/db.htm
http://kevin1986.com/plus/db2.html
http://kevin1986.com/plus/db3.html
On the test page, the script form.submit() method is used to submit the data by POST.
Solution:
Check that the ck value is correct and filter HTML in the input. :)
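The two fixes above, sketched as an added example (not Douban's code and not from the original report). It assumes the ck value is sent as a POST field named ck and compared with the ck cookie; the function names and the store list are hypothetical.

```python
import hmac
from html import escape


class Forbidden(Exception):
    """Raised when the ck value in the request is missing or wrong."""


def ck_is_valid(cookies, form):
    """Compare the ck field of the POST body with the ck held in the cookie.

    A form hosted on another origin can make the browser send the cookie,
    but it cannot read it, so it cannot supply a matching ck field.
    """
    expected = cookies.get("ck", "")
    supplied = form.get("ck", "")
    # Constant-time comparison; an empty cookie never validates.
    return bool(expected) and hmac.compare_digest(
        expected.encode("utf-8"), supplied.encode("utf-8"))


def mkdir_handler(cookies, form, store):
    """Hardened stand-in for j_mkdir: reject the request before any state change."""
    if not ck_is_valid(cookies, form):
        raise Forbidden("ck missing or mismatched")
    name = form.get("name", "").strip()
    if not name:
        raise ValueError("empty directory name")
    store.append(name)  # stored as submitted, escaped when rendered
    return name


def render_dropdown(names):
    """Render the directory drop-down with every name HTML-escaped."""
    items = "".join("<li>%s</li>" % escape(n, quote=True) for n in names)
    return "<ul>%s</ul>" % items


if __name__ == "__main__":
    session_cookies = {"ck": "AbCd"}   # constructed sample value
    dirs = []
    try:
        # Cross-origin style request: cookie present, no ck field in the body.
        mkdir_handler(session_cookies, {"name": "x", "blog_id": "9294311"}, dirs)
    except Forbidden as exc:
        print("rejected:", exc)
    mkdir_handler(session_cookies, {"ck": "AbCd", "name": "<b>feeds</b>"}, dirs)
    print(render_dropdown(dirs))
```

Both checks are needed together: as noted above, the ck value lives in the cookie, so a script injected through an unescaped name could read it and pass the ck check.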