Tencent Weibo XSS attack vulnerability

I believe everyone remembers the XSS attack that hit Sina Weibo on 28 June. That night, a large number of Sina Weibo users automatically posted tweets and automatically followed a user called "hellosamy".

Why can an XSS attack have so much power? Many sites now use cookies to record a visitor's login state. For certain operations, such as posting a tweet, the server checks the user's cookie to determine whether they are logged in, and allows the operation if so. Normally this seems safe, because the server assumes those operations were submitted on the user's own initiative. But if an attacker performs malicious script injection into the page, or session hijacking, and simulates the user's actions, then those operations become malicious and potentially dangerous, such as the automatic tweets and automatic follows in the Sina Weibo incident.

XSS attacks fall into two categories

One is the internal attack, which mainly exploits a vulnerability in the web page itself: the malicious script is injected into the page, and when a user visits that page the script executes along with it, so the script can use all of the user's state data to perform malicious actions such as tweeting or sending private messages. The Sina Weibo XSS attack was of this kind.

The other is the external attack, which mainly means constructing a page with an XSS cross-site vulnerability yourself, or finding a cross-site vulnerable page on a machine other than the target. For example, when we want to penetrate a site, we construct a page with a cross-site vulnerability ourselves, craft the cross-site statement, and then combine it with other techniques, such as social engineering, to trick the target server's administrator into opening it.

Sina Weibo has already had its XSS attack; Tencent Weibo has had no such incident so far, but that does not show that Tencent Weibo is safe.

Because I have spent these past few days working on small Tencent Weibo application development, I very often browse the Tencent Weibo Application Channel to see what the recently recommended applications look like and whether my own application has been recommended yet. Sadly, no, disappointing :(. Last night, while idling on the Tencent Weibo Application Channel, curiosity struck and I tested a little, and it turned out that I found an XSS injection point!

The address of a Tencent Weibo application description page looks like this:


For example, the description address of this obscure "test9" application is:


See the string "http%253A%252F%252Fappst.qq.com%252Fcgi-bin%252Fwbapps%252Fwb_appstore_app.cgi%253Fappid%253D24042" at the end? It is obviously a URL address, but where is that URL used? Open the application description address and look at the source code: the URL address turns up in an iframe, as shown below:


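The double-encoded parameter above decodes to the app-store URL that ends up in the iframe. The following added example (my own illustration, not Tencent's code) shows the decoding step, the risky pattern of placing the decoded value straight into `src`, and a hardened version that checks the scheme and host against an allow-list (the allow-list and the second and third sample parameters are constructed for the example).

```python
from html import escape
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed allow-list: the only origin this page should ever frame.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"appst.qq.com"}

# Sample parameters: the first is the string quoted on the page, the other
# two are constructed to show a host mismatch and a scheme-relative URL.
PAGE_PARAM = ("http%253A%252F%252Fappst.qq.com%252Fcgi-bin%252Fwbapps"
              "%252Fwb_appstore_app.cgi%253Fappid%253D24042")
CONSTRUCTED_OTHER_HOST = "http%253A%252F%252Fother.example%252F"
CONSTRUCTED_SCHEME_RELATIVE = "%252F%252Fother.example%252F"


def decode_app_param(value: str) -> str:
    """Undo the double URL-encoding: '%253A' -> '%3A' -> ':'."""
    return unquote(unquote(value))


def iframe_src_unchecked(param: str) -> str:
    """The risky pattern: whatever the parameter decodes to becomes src."""
    return f'<iframe src="{decode_app_param(param)}"></iframe>'


def iframe_src_checked(param: str) -> Optional[str]:
    """Hardened version: frame only allow-listed origins, and escape the
    value so it cannot break out of the quoted attribute."""
    url = decode_app_param(param)
    parts = urlsplit(url)
    # A missing scheme ('//host/...') is scheme-relative and must be rejected.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return None
    if parts.hostname is None or parts.hostname.lower() not in ALLOWED_HOSTS:
        return None
    return f'<iframe src="{escape(url, quote=True)}"></iframe>'


if __name__ == "__main__":
    for p in (PAGE_PARAM, CONSTRUCTED_OTHER_HOST, CONSTRUCTED_SCHEME_RELATIVE):
        print(decode_app_param(p), "->", iframe_src_checked(p))
```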