Home > Cloud Computing > Cloud Security

Some user account passwords are reset due to blind access to XSS in the same Substation

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Attackers use XSS to blind user cookies and use logic vulnerabilities to reset user passwords after logon to completely control this account, the impact scope is not only that the sub-station and the sub-station 17.com are websites mainly sending Travel Notes without filtering when posting articles. As a result, you can execute any js post and access the personal travel notes home page to trigger it, although there is a length limit. however, you can easily bypass cookie blind access or csrf. Next, the key is to hijack the cookie and log on to the system. You can see the account name and mobile phone bound email address. If the user's mobile phone or email address is not bound, you will have a chance. use your mobile phone or email to reset your password, bind it to an email address, and enter the username you just obtained to reset the password in your email address... This account can log on to any website at the intersection of 17u.com and 17u.net with the same route ticket booking network. If any website has cash, it can be withdrawn.


 Solution:

Filter

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to reset user password in oracle how to reset account how to access keychain passwords on mac how to reset facebook account access to account how to give sudo access to user in linux convert due date to weeks
Related Article
How does personal cloud security guarantee data security?
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More