I learn software testing Professional, the most recent school to prepare for this aspect of the course, so want to find a set ASP. NET open source CMS play, Baidu the next, saw the Bo CMS, popularity is also quite high, went to the official website to download the 6. 0 the latest version, NND, install are install not, anyway, what are the error message...really don't know the official is not intentional...so it took two days to put the program debugging good, to finally be able to run up...run up database data are manually inserted to the...I....the program features can not see, can only see the code slower, many things also don't look good...forget it, barely see it...I also was the first contact This set of procedures.
Originally wanted to find what the injection csrf or something, the code looked again, didn't find what can be the use of personal technology problem.
First, after installing the didn't prompt or automatically delete the installation file
After installation you are not prompted, or automatically delete the install directory file,
Direct access to http://seay. sinaapp. com/install/default. aspx can be directly re-install the program,
Second, the Cookie saves the user name and password
Cookie something a little more,
id=2&name=ss123&nickname=ss123&password=e10adc3949ba59abbe56e057f20f883e&email=1 1 6 0 5 4 9 3 8 4%40qq. com&groupid=1&groupname=%e4%b8%b4%e6%9 7%b6%e7%9 4%a8%e6%8 8%b7&setting=1%2c1%2c1%2c0%7c23%2c1%2c10%2c10%2c1%2c0%2c1%2c1%2c5%2c1%2c1%2c5%2c1%2c1%2c5%2c&cookies=c42071141
Passwords are saved in it, with the followingXSS
Third, the statistics plug-inXSSvulnerabilities:
Look at the code:
string _contentid = str2str(q(“id”));