ThinkSNS application cross-site scripting vulnerability endangering users - Vulnerability early warning - Black Bar Safety Net

2013-02-23T00:00:00
ID MYHACK58:62201337464
Type myhack58
Reporter Anonymous
Modified 2013-02-23T00:00:00

Description

Brief description:

An application in ThinkSNS is vulnerable to cross-site scripting, endangering any user who willingly takes the bait.

Detailed description:

Publishing a log in ThinkSNS is open to cross-site scripting: anyone who chooses to view the log is caught. Tested on http://t.thinksns.com

  1. First, we insert an arbitrary network image into the log.

  2. Capture the request and modify it as follows.

  3. We find that `document` and `cookie` are being filtered out, but testing `location` succeeds outright.

  4. That makes things easy: we can construct something like the following link. Tip: this is just one of the most direct ways; since this one is not filtered, we do not bother with the others. Capture the request and modify it.

  5. Looking at the page source and the effect: yes, it has been inserted, and the page also jumps.

  6. How capable is it? That depends on how you write the script. The so-called "taking the bait" simply means that anyone who wants to view this log will be hooked!

Vulnerability proof:

See the detailed description. Since it is an SNS, that's good; check the vulnerability.......

Repair solutions:

You understand this better than I do!!!!
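
The filter behaviour described above (`document` and `cookie` stripped while `location` still works) is what a keyword blacklist on a user-supplied image URL looks like from the outside. The following PHP is an added example, not ThinkSNS code and not from the reporter: it contrasts such a blacklist with allowlist validation plus output encoding of the image URL. All function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example, not ThinkSNS code. Function names and sample values are hypothetical.

// Keyword blacklist of the kind the write-up describes: "document" and
// "cookie" are stripped, everything else passes through unchanged.
function blacklist_filter(string $value): string
{
    return str_ireplace(['document', 'cookie'], '', $value);
}

// Allowlist check for a user-supplied image URL: absolute http(s) URL with a
// host, and no character that can terminate or escape an HTML attribute.
function is_safe_image_url(string $url): bool
{
    if (preg_match('/[\s"\'<>`\x00-\x1f]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true);
}

// Render the image tag: validate first, then HTML-encode on output so the
// value cannot leave the src attribute.
function render_log_image(string $url): string
{
    if (!is_safe_image_url($url)) {
        return ''; // drop the image rather than try to repair the value
    }
    $src = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="' . $src . '" alt="">';
}

// Constructed sample inputs (not taken from the original report).
$samples = [
    'http://img.example/photo.png',
    'http://img.example/x" onerror="location=\'http://other.example/\'',
    'javascript:location=1',
];
foreach ($samples as $s) {
    $naive = '<img src="' . blacklist_filter($s) . '">';
    $safe  = render_log_image($s) ?: '(rejected)';
    printf("input:     %s\nblacklist: %s\nallowlist: %s\n\n", $s, $naive, $safe);
}
```

Run with the PHP CLI: the blacklist output keeps the injected attribute intact for the second sample, while the allowlist path renders only the first sample and rejects the other two.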