Three XSS: two for phishing, and one to play with!
http://sse1.paipai.com/s-hl1w6sgwpq3jv6gxk3tz23ovrtxc835spuv1h25mi6xw2o5wpq3jv6gxk2--1-48-80---3-4-3----2-2--128-0-0-PTAG,20084.2.2.html
http://shop.paipai.com/5565117/0-0000000000-0-1-1-0-3-0-0-0/Ii8+PC9zY3JpcHQ+PHNjcmlwdD5hbGVydCgvZ29kZXJjaS8pPC9zY3JpcHQ+Xi0xXi0x/index.shtml
These two, usable for phishing, are relatively well hidden! Awesome!
http://bbs.paipai.com/portal.php?Byref=1&g_tk=1772478199&g_ty=lk&byref=1
This one is a good place to play! The specific use remains to be studied!
I entered "/><script>alert(/goderci/)</script> in the search box when I was on the homepage, and I admit I was startled! Because I was startled, I decided to take a few more looks!
http://sse1.paipai.com/s-hl1w6sgwpq3jv6gxk3tz23ovrtxc835spuv1h25mi6xw2o5wpq3jv6gxk2--1-48-80---3-4-3----2-2--128-0-0-PTAG,20084.2.2.html
http://shop.paipai.com/5565117/0-0000000000-0-1-1-0-3-0-0-0/Ii8+PC9zY3JpcHQ+PHNjcmlwdD5hbGVydCgvZ29kZXJjaS8pPC9zY3JpcHQ+Xi0xXi0x/index.shtml
Let's take a look at this. It hurts a lot!
This is because many QQ services display users' nicknames, so from now on just change the nickname to something like <iframe onload=alert(1)> and that's it! After the change, you can go and experience QQ's services!
People like me usually post on the BBS or post a mood status or something in this situation. Then you can change the nickname whenever you want to play!
Well, that's it, audience! Continue tomorrow night!
Solution:
Enhanced Filtering
By goderci
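What "Enhanced Filtering" has to cover here, as an added example that is not part of the original post or Paipai's code: the shop URL carries its payload base64-encoded in the path, so a blacklist run over the raw request never sees it, and the value has to be encoded where it is written into the page. The function names, the blacklist regex, and the assumption that the decoded segment lands in a double-quoted attribute are hypothetical.

```python
import base64
import html
import re

# Values quoted in the post: base64 path segment of the shop URL, nickname payload.
SHOP_SEGMENT = "Ii8+PC9zY3JpcHQ+PHNjcmlwdD5hbGVydCgvZ29kZXJjaS8pPC9zY3JpcHQ+Xi0xXi0x"
NICKNAME = "<iframe onload=alert(1)>"

# Assumed input-side blacklist of the kind that inspects the raw request only.
RAW_FILTER = re.compile(r"<\s*script|on\w+\s*=", re.IGNORECASE)


def raw_filter_blocks(value):
    """Return True if the naive blacklist would reject this raw value."""
    return bool(RAW_FILTER.search(value))


def decode_segment(segment):
    """Decode the path segment the way the page is assumed to before reflecting it."""
    return base64.b64decode(segment, validate=True).decode("utf-8", "replace")


def render_attr(value):
    """Write an untrusted value into a double-quoted attribute, encoded at the sink."""
    return '<input name="kw" value="%s">' % html.escape(value, quote=True)


def render_text(value):
    """Write an untrusted value (e.g. a nickname) into element text, encoded at the sink."""
    return '<span class="nick">%s</span>' % html.escape(value, quote=True)


if __name__ == "__main__":
    decoded = decode_segment(SHOP_SEGMENT)
    print("raw segment blocked by blacklist:", raw_filter_blocks(SHOP_SEGMENT))
    print("decoded segment blocked:         ", raw_filter_blocks(decoded))
    print("decoded value:", decoded)
    print("attribute sink:", render_attr(decoded))
    print("text sink:     ", render_text(NICKNAME))
```

Encoding at output neutralizes the value regardless of how it arrived (raw, base64 in the path, or stored as a nickname), which is why it belongs at every place the nickname or search term is rendered rather than only at input.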