I accidentally discovered an XSS vulnerability yesterday. Next I will explain how I discovered it. This article applies to every forum where the content posted by high-permission users is not strictly filtered.
First, I used a "special method" to get a moderator's account number. Then I wanted to see whether a post edited by wooyun was fine. The result showed that it was not, and I found another problem: the XSS vulnerability in Tianya.
Of course, you cannot insert <script XXX> directly. However, inserting <ScRiPt XXX> succeeds. Why? Only the lowercase spelling is filtered, so a case-sensitive block list is bypassed by any mixed-case variant.
Although this vulnerability was discovered by accident, it was inevitable.
The post content of ordinary users is filtered, but the content of high-permission users is not filtered at all.
This recalls a line from the Chu Shi Biao ("Memorial on Dispatching the Troops") I had just been reading: "It is not proper to show partiality, so that the rules differ for those inside and those outside."
This vulnerability is likewise caused by "partiality" toward high-permission users.
Solution: filter the content of users at every permission level, and match tags case-insensitively (or, better, escape the output).
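The two defects described above, side by side with a fixed version, as an added example that is not part of the original post or of Tianya's code. The function names weak_filter, hardened_filter and contains_script_tag and the sample inputs are constructed for illustration; the mixed-case tag is the one the post describes.

```python
import html
import re

# Constructed sample inputs (not taken from the original post).
SAMPLES = {
    "lower": "<script>alert(1)</script>",
    "mixed": "<ScRiPt>alert(1)</ScRiPt>",
    "benign": "Hello <b>world</b> & friends",
}

# Matches an opening or closing script tag in any letter case.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def weak_filter(content: str, is_moderator: bool) -> str:
    """Reproduces the two defects the post describes:
    1. moderators' (high-permission) content is not filtered at all;
    2. the block list matches only the lowercase spelling of the tag."""
    if is_moderator:
        return content
    return content.replace("<script", "").replace("</script", "")


def hardened_filter(content: str, is_moderator: bool) -> str:
    """Escape every user's content regardless of role. '<' becomes '&lt;',
    so the browser never sees a tag, whatever letter case was used."""
    return html.escape(content, quote=True)


def contains_script_tag(rendered: str) -> bool:
    """Check whether rendered output still carries a script tag in any case."""
    return SCRIPT_TAG.search(rendered) is not None


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for role in (False, True):
            weak = weak_filter(text, role)
            hard = hardened_filter(text, role)
            print(f"{name:6} moderator={role!s:5} "
                  f"weak_unsafe={contains_script_tag(weak)!s:5} "
                  f"hardened_unsafe={contains_script_tag(hard)}")
```

Running the block shows that the weak filter lets the mixed-case tag through for every user and lets even the lowercase tag through for moderators, while escaping the output removes the tag in both cases without needing a role check at all.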
From: www.safe121.com