Foreword
While browsing mini programs recently, I found one whose user account information is automatically registered on a website. So I went and took a look at the website. WOW! Lots of input boxes, so I casually tested them for XSS.
XSS vulnerabilities found
For the purposes of learning and exchange, with trembling fingers I entered the following code in the user name input box:
<script>alert(1)</script>
</textarea><img onerror="alert(1)" src='1'>
Further exploit XSS vulnerabilities
At the time I was thinking: this mini program is for recharging. The administrator or the finance staff will certainly check every day whether there was any spending today, whether any new users recharged, and so on. So it would be best to put through a couple of transactions to get to the top of the list, then plant XSS in the user name and wait, like Jiang Taigong fishing, for someone to take the bait. I began by using a search engine to find a few XSS platforms with https, and ticked the modules that can get a cookie:
Two years later (the next day) ...
Really lucky
Vulnerabilities submitted
Conclusion
When doing development, security awareness is a must!
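What that awareness looks like for the two inputs quoted above, as an added example that is not code from the site or from the original post: the user name is HTML-encoded when it is written into the admin page, and the session cookie is set so that page script cannot read it. The page layout (a table cell and a textarea), the function names and the cookie name `session` are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# The two inputs quoted in the post, used here as test data.
PAYLOADS = [
    "<script>alert(1)</script>",
    "</textarea><img onerror=\"alert(1)\" src='1'>",
]

def render_raw(name):
    """'Before': user name concatenated into the admin page unescaped."""
    return f"<td>{name}</td><textarea>{name}</textarea>"

def render_escaped(name):
    """'After': encode on output so <, >, & and quotes are shown as text."""
    safe = html.escape(name, quote=True)
    return f"<td>{safe}</td><textarea>{safe}</textarea>"

class ActiveMarkup(HTMLParser):
    """Collects script tags and on* event-handler attributes in a page."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found.append("script")
        self.found += [f"{tag}[{k}]" for k, _ in attrs if k.startswith("on")]

def active_markup(page):
    """Return the script tags / handlers a parser sees in the rendered page."""
    parser = ActiveMarkup()
    parser.feed(page)
    parser.close()
    return parser.found

def session_cookie_header(token):
    """Session cookie that script cannot read and that is sent only over HTTPS."""
    cookie = SimpleCookie()
    cookie["session"] = token          # cookie name is an assumption
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

if __name__ == "__main__":
    for p in PAYLOADS:
        print(active_markup(render_raw(p)), active_markup(render_escaped(p)))
    print(session_cookie_header("constructed-token"))
```

Encoding on output is what stops the markup from running; HttpOnly only limits what a script can take if one still gets through.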