Attackers use XSS to blind user cookies and use logic vulnerabilities to reset user passwords after logon to completely control this account, the impact scope is not only that the sub-station and the sub-station 17.com are websites mainly sending Travel Notes without filtering when posting articles. As a result, you can execute any js post and access the personal travel notes home page to trigger it, although there is a length limit. however, you can easily bypass cookie blind access or csrf. Next, the key is to hijack the cookie and log on to the system. You can see the account name and mobile phone bound email address. If the user's mobile phone or email address is not bound, you will have a chance. use your mobile phone or email to reset your password, bind it to an email address, and enter the username you just obtained to reset the password in your email address... This account can log on to any website at the intersection of 17u.com and 17u.net with the same route ticket booking network. If any website has cash, it can be withdrawn.
Solution:
Filter