ThinkSNS an application cross-site scripting attacks, endangering the user-to vulnerability and early warning-the black bar safety net

ID MYHACK58:62201337464
Type myhack58
Reporter 佚名
Modified 2013-02-23T00:00:00


Brief description:

ThinkSNS an application cross-site scripting attacks, endangering a variety of voluntary hooked the user

Detailed description:

ThinkSNS published log can be cross-site scripting attacks, the willingness to see the will be caught 上进 行 测试

  1. We first randomly inserted into a network image


2. Capture, modify as follows


  1. Find the document and the cookie is being filtered out, but the test location, decisive success


  1. That's good to do a, we can construct-as in the following link tips: this is just one of the most direct way, do not filter out this turn regardless of other.


Capture modifications


  1. Look at the page source and effect Yes, is inserted into the go, and also jump.



  1. Competent? See how you write the script.~~~ The so-called take the bait, just want to see this log will be hooked up!!

Vulnerability proof:

See detailed description, saying that since it is a SNS, that's good, check the vulnerability.......

Repair solutions:

You than I understand it!!!!