xss cookie
preface
Recently, I found that one of the small programs is to automatically register an account in a certain station after applying for user information.
So went to the website to see, wow! A lot of input box ~ try XSS easily.

XSS vulnerability found
For the purpose of learning and communication, the following code is input in the input box of user name with trembling fingers:
<script>alert(1)</script>

EMM... Did not respond, the heart a burst of loss, and did not expect to pop up a box, sighed.
However, it is a procedural ape at least, which can not be easily given up.
We found some XSS variation code to test
</textarea><img onerror="alert(1)" src='1'>

WOW! It's amazing!
Further exploit XSS vulnerability
At that time, I was thinking that his small program had recharge function.
The administrator or the financial department will certainly have nothing to look at today's consumption ~ which new users recharge it~
That's not as good as that~
Brush two recharge lists, and then insert XSS in the user name, and Jiang Taigong will hook the fisherman.
From the search engine, we found several XSS platforms with HTTPS, and checked the module that can obtain cookies:

(2) later

Fish hook ~ successfully get the user name and cookie, then hang agent, developer tool, application, modify cookies, refresh the page.
Really lucky

The first time I used XSS to do something, it was very comfortable.
Unfortunately, the background and user center are shared, and there is no place to upload files for reuse.

It's just a small charge~
Vulnerability submission

It has been fed back to the relevant administrator for repair.
Conclusion
Do development, security awareness must have ah!
Use Alipay, wechat and QQ clients to scan code and reward
Reward the author
This paper is written by SangSir Creation, adoption Knowledge sharing signature 4.0 International license agreement
In addition to the reprint / source, all articles are original or translated. Please sign before reprinting