Section flood CMS XSS targeted attack vulnerability: any user's cookie can be obtained
Section flood CMS provides a member registration function by default, and the on-site message module available to members contains a stored XSS vulnerability. It can be exploited by sending a message to the administrator; once the administrator opens the message, they are caught. Multiple versions of Section flood CMS were tested, and essentially all of them have this vulnerability.
1, First send yourself an on-site message as a test to prove that the vulnerability exists
Proof of the vulnerability:
The proof of the vulnerability follows
1, Use the on-site message function to send a message to the administrator
2, When the administrator logs in, the backend interface shows that there is a new message; if they are curious about it...
3, Click, click, click
4, The cookies are captured
Mitigation:
1, Disable the member registration function outright
2, Hide the backend login page as deep as possible
3, Change the login authentication code
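The root cause described above is member-written message text reaching the administrator's browser as markup. The following is an added example, not code from the CMS: it shows that rendering pattern beside output encoding and an HttpOnly session cookie, and every function name and the sample message are constructed for illustration.

```javascript
// Added example: all names here are hypothetical and not taken from the CMS.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, close an attribute or start an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored member input is concatenated into the backend page as markup.
function renderInboxRowUnsafe(msg) {
  return `<tr><td>${msg.from}</td><td title="${msg.subject}">${msg.body}</td></tr>`;
}

// Hardened pattern: every stored field is encoded at output time, in text and attributes.
function renderInboxRow(msg) {
  return `<tr><td>${escapeHtml(msg.from)}</td>` +
         `<td title="${escapeHtml(msg.subject)}">${escapeHtml(msg.body)}</td></tr>`;
}

// Defence in depth: HttpOnly keeps the session cookie unreadable from page script,
// so a missed encoding bug does not directly expose the administrator's session.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Constructed sample message using harmless test markers in two injection contexts.
const sample = {
  from: 'member01',
  subject: '" onmouseover="alert(1)',
  body: 'hello <script>alert(1)</script>',
};

// True when member text survived as a live script tag or event-handler attribute.
function containsActiveMarkup(html) {
  return /<script\b/i.test(html) || /\son\w+\s*=\s*"/i.test(html);
}

console.log('unsafe render active:', containsActiveMarkup(renderInboxRowUnsafe(sample)));
console.log('safe render active:  ', containsActiveMarkup(renderInboxRow(sample)));
console.log('Set-Cookie:', sessionCookie('sid', 'constructed-session-id'));
```

Encoding has to happen wherever the message is displayed, including the backend inbox view, since that is where the administrator opens it.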