Netease blog the logic of vulnerability--to teach you to make stealth blog-vulnerability warning-the black bar safety net

2006-12-29T00:00:00
ID MYHACK58:62200613476
Type myhack58
Reporter 佚名
Modified 2006-12-29T00:00:00

Description

http://blog.163.com

Assume that the user name is abcd

Then the blog address is http://blog. 1 6 3. com/abcd

According to this rule

而且 知道 网易 博客 登录 页面 为 http://blog.163.com/login.html

Because Netease blog can apply to take (.) The user name, 于是我申请了一个login.html username

According to the above logic, 我的博客地址应当为http://blog.163.com/login.html In other words, with Netease blog login page, like But I was wrong. 我 的 博客 地址 成了 http://blog.163.com/login.html/ auto-resolve actually to I add a slash to...

Accidental input error, enter the Netease a message to the wrong address http://blog.163.com/login.do?err=1

And then I deleted say Hello to the back to get http://blog. 1 6 3. com/login. do This is also the Netease blog login page, want to register the login. do the user name, found to have been registered

Input http://blog. 1 6 3. com/login. doo can also go to the blog login page Then change the http://blog. 1 6 3. com/login. doooooooooooooo still can Then change the http://blog. 1 6 3. com/login. doa can be

That is as long as the front is http://blog. 1 6 3. com/login. do followed by the letter you can enter to the login page

Now registered a ID called: login. doo,my blog address is

http://blog.163.com/login.doo Because this page is the login page that is, I blog with the login page is the same Into http://blog. 1 6 3. com/login. doo/too

Oh, now you've made a stealth blog.