Never do anything illegal. It is only for research purposes !!!!
The implementation of some ATM complex interfaces encapsulates the underlying LINUX + Apache environment and makes a sandbox. In some cases, it may jump out of the sandbox, however, it is difficult to jump out of some situations (there are no complex user potential interfaces in the Linux environment). In this case, we can choose to use complicated front-end logic, such as xss vulnerabilities to do something.
It seems that an xss is found, disturbing the display of the interface and proving that HTML technology is used.
It seems like a Linux Browser.
In fact, some skills are needed. The input here is very limited, and it needs to be bypassed.
Take a look at it locally. It turns out to be like this.
Sorry, I'm sorry to continue. The frustrated system encapsulated apache with no security settings and had an interface with UnionPay to transfer money, I just want to say that the money is too easy.