A real penetration test

Summary of the future ：

Idle and boring , I came across a website , forehead ... There are many advertisements

A sudden impulse , Casually take the missing scanning tool and sweep it around , Several vulnerabilities were found , All are xss Loophole

" Test a wave with curiosity , Manually tested payload They all failed , The website "(" ,")" ,"<","> and "alert" Wait until these keywords are filtered out . No way out . Only hard —> Run directly to the dictionary , For xss Vulnerability dictionary payload test .

Finally, a lot of useful things are measured payload

Randomly choose a few tests , Successful pop-up ！

At present, only one vulnerability has been tested , Other vulnerability points have not been tested .

As a student who has studied network security law , Of course, I know that I can't do things that harm others , Especially such a conscientious sharing website , Never destroy .