Baidu Space XSIO vulnerability - Vulnerability warning - the black bar safety net
Article author: aullik5. Original source: http://hi.baidu.com/aullik5/blog ... a02c6785352416.html. The vulnerability I want to talk about today is a very sneaky one. Most websites have it, not only Baidu. What is XSIO, and why is it sneaky? XSIO is because there...
Baidu Space XSIO vulnerability
XSIO arises because the position attribute of images is not restricted from being absolute, so an image can be made to appear at any position on the page. We can then use that image to cover any spot on the page, including the site's banner, a link or a button. That alone can deface the page, and once the image is given a link it obviously serves as a phishing lure. Because Baidu Space does not filter ordinary HTML tags, these tags can be used to carry out an XSIO attack. On Baidu, a blog post is placed inside a table, so the table has to be closed first and a suitable image inserted afterwards. Baidu Space / 07-14 None hi.baidu.com /tablea...
From Baidu Space to China Blog vulnerability - Vulnerability warning - the black bar safety net
These days friends keep asking me how much impact the introduction to Ajax hacking in issue ten of Heifang (黑防) really has, and how to do vulnerability testing and exploitation against the current Web 2.0 state of the network; this time, through Heifang, I will show everyone...
The new trend in Web 2.0 attacks: Ajax Hacking - Vulnerability warning - the black bar safety net
In early '05, as the term Web 2.0 flooded every major online media outlet in China, Ajax technology emerged. AJAX is the acronym for "Asynchronous JavaScript And XML", which can be translated as asynchronous JavaScript and XML technology. At its core is a component hosted in the browser called...