Origin and an XSS. an opinion feedback system of Sina was found. prepare to use XSS to blind the background. an error is reported when an XSS statement is submitted, such as a database error .. hey hey .. no wonder I am... found that the address submitted here is the http://feedback.sina.com.cn to access this address will jump to http://netlogin.sina.com.cn/#very bright!
Sina user management system... in addition, according to the previous site iask.sina.com.cn where Sina was injected, it can be determined that it should be the master database of Sina. the injection test is performed. it is found that the f_email parameter in the submitted parameter can generate injection. the database version MySQL 5.0.11 cannot be further tested. I have been warned too many times recently. otherwise, I would like to try to change Zhou Hongyi's Sina Weibo game. database Version: MySQL 5.0.11Solution:Something has been ruined for a long time, right? Remove it.