Password stored in plain text plus cross-site worms, you know
Register road passenger Baba sent a message, the message content for the test code as
I registered two account xxoo_2013 and xxoo_2014, the password is 1 2 3 4 5 6, a sender a receiver, and
Effect as shown:
In to obtain the cookies found in the password plaintext storage:
As cdb_back[txtloginname]=xxoo_2013; cdb_back[txtPassword]=1 2 3 4 5 6;
This exploits that the worm implicit propagation then byxssthe platform receiving the letter. Worms details not test.
Because the road passenger Baba-with recharge function, the harm is still there.