I have always wanted to infiltrate this site and then submit to edusrc to obtain the certificate.
After my last analysis of the brute-force vulnerability, I found that the decryption failed, but I did work out a method to solve the verification code.
Then, as I learned more, I discovered many new methods, such as privilege escalation and XSS.
Regarding privilege escalation, the test here failed, both horizontally and vertically.
As for XSS, I tested it and found that it does exist, but it is only reflected XSS (because the message board inside seems to exist, but in fact nothing is recorded and it is not visible on other people's pages. I don't know the use of this tasteless function.)
There is also a problem: when I read the cookie, I find that HttpOnly is present, and for the time being I can't think of any way to bypass HttpOnly.
That's it for now; I will wait until I have learned more and then continue the penetration testing.