ThinkSNS: cross-site scripting in an application, endangering any user who willingly takes the bait
Logs published on ThinkSNS can carry a cross-site scripting attack; whoever chooses to view the log gets caught.
Tested on http://t.thinksns.com
- First, insert an arbitrary network image into a log
- Capture the request and modify it as follows
- `document` and `cookie` turn out to be filtered, but the test with `location` succeeds outright
- That makes things easy: we can construct something like the following link. Note: this is only one of the most direct ways; whatever else goes unfiltered is not covered here.
- Look at the page source and the result
Yes, it was inserted, and the redirect happens as well.
- What can it do? That depends on how the script is written.
As for "taking the bait": anyone who views this log gets hooked!
See the detailed description. Since this is an SNS, the vulnerabilities deserve a proper check.
You understand this better than I do!
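
The filtering gap described above (`document` and `cookie` removed, `location` let through) is what a keyword blacklist produces. The sketch below is an added example, not code from ThinkSNS or from the original report: it contrasts such a blacklist with allowlist validation plus output escaping for a user-supplied image URL. The filter's shape, the function names, the extension list and the sample values are all assumptions constructed for illustration.

```python
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# Assumed shape of the weak filter: strip two keywords, pass everything else.
BLACKLIST = re.compile(r"document|cookie", re.IGNORECASE)

def blacklist_filter(value: str) -> str:
    return BLACKLIST.sub("", value)

def render_img_unsafe(src: str) -> str:
    # The "filtered" value is concatenated into the attribute unescaped,
    # so a double quote in src ends the attribute and starts a new one.
    return '<img src="' + blacklist_filter(src) + '">'

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_EXT = (".png", ".jpg", ".jpeg", ".gif")  # hypothetical policy

def validate_image_url(src: str) -> Optional[str]:
    """Allowlist check: return the URL if it is a plain http(s) image URL."""
    if any(c in src for c in "\"'<>` \t\r\n"):
        return None  # characters that can break out of an HTML attribute
    try:
        parts = urlsplit(src)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    if not parts.path.lower().endswith(ALLOWED_EXT):
        return None
    return src

def render_img_safe(src: str) -> Optional[str]:
    url = validate_image_url(src)
    if url is None:
        return None  # reject instead of trying to repair the input
    # Escape on output as well, so validation is not the only barrier.
    return '<img src="' + html.escape(url, quote=True) + '">'

# Constructed sample inputs (not taken from the report).
GOOD = "http://img.example.invalid/a.png"
QUERY = "https://img.example.invalid/a.png?x=1&y=2"
BAD = "http://img.example.invalid/a.png\" onerror=\"location='//example.invalid'"

if __name__ == "__main__":
    for sample in (GOOD, QUERY, BAD):
        print(repr(render_img_unsafe(sample)), "->", repr(render_img_safe(sample)))
```

The blacklist leaves the third sample untouched because it contains neither filtered keyword, while the allowlist rejects it on the first quote character.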