Lilac vulnerability of small packs containing process, the reflective xss the use of skill-the loophole warning-the black bar safety net

ID MYHACK58:62201338434
Type myhack58
Reporter 佚名
Modified 2013-04-21T00:00:00


Brief description:

Lilac garden a few small packs, xss+url jump

Detailed description: pubmed. cn/ rfu address not verified be configured on any link to jump)

The main or talk aboutxss?, no description, a pack - a-sword to the heart or not give. This time I'm still and last the same. To a use it. I checked http://www. jobmd. cn/article site search atXSSfor testing. Before submitted, but no the process is not over, this time I wanted to, wanted to select in the Forum by posting the form of a spread. But the new registration, not by invitation, but do not want the phone to register, what should I do? I suddenly thought of a good idea, is through the@fenng Twitter as a springboard to the big FAI microblogging is a lot of people see yo, so here head sure someone will be logged in the lilac garden account. Construct a good code: ezsec. org%2F%3Fu%3Df71717%2 2+%3E%3C%2Fscript%3E&category=-1&action=Search&action_search=

This time is still too long, we pass the url. cn go under, allowing him to become more concise: Then through a small microblogging release to fenng Twitter comments. With a bit of social nature

Hazard proof, reflectiveXSSused well, they can cause great harm to

There is a also withxss, by the way also made, this is your's, also in beta, good repair."><script>alert(1)</script> homepage of the reflection typeXSS

st parameter is not filtered well.

Repair solutions:

Repair recommendations:

url jump:referer restrictions, added to the validity of the authentication Token.

xss:the filter key of the place, the title also don't drain. Security is a whole, not a part.