At the beginning of penetration, I didn't know that my website was installed with a dongle. I went into the background and tried to plug in the pop-up window code. Once the snani dongle intercept it, the hacker said he was not satisfied. I took a sip of the remaining noodle soup yesterday ~~
There is nothing to explain. Let's look at the process!
Test Website:
Http://demo.a3cn.com/cpa3/index.asp
Insert:
<Script> alert ('xss') </script>
You don't need to know how to intercept the dog.
Baidu once passed the dongle method, indicating that there was no result. However, many of the results provided by the answers come from the Alibaba Cloud security network, so I will try it again here!
Finally try to insert:
<Script> alert ("2cto") </script>
It means the operation is successful. I'm so excited ~~ It should be the latest method to bypass dogs!
Inserted and saved successfully. Go to the homepage!
OK, that's it!
Solution:
This issue should be left to the white hat hacker technician of the dongle for repair.