SoFunction
Updated on 2025-04-10

BBSXP5.15 Cross-site Attack Vulnerability

Preface: When the Xinyun website management system 1.02 came out, its message book had a cross-site vulnerability. I tested the hacker animation; fortunately, it had no message book function open. Then I tested the black soft base, and there it could be used successfully. Both it and the Xinyun official website had their administrator cookies successfully taken.
I didn't expect that. It seems you have to be careful about cross-site attacks!

BBSXP vulnerabilities have been getting a lot of attention recently. Everyone has seen the existing ones, so I won't talk about them. I was bored tonight, so I looked at the code of several files in the latest version, BBSXP 5.15, and found that it is still vulnerable to cross-site attacks.
File, code is as follows:


The submitted "no" parameter was not processed. Look at the file again:

if ("skins")=empty then ("skins")=style 

dim ForumTreeList,toptrue 

ii=0 

startime=timer() 

Set rs = ("") 

=Timeout 'Set script timeout time Unit: seconds

" " 

The parameter submitted through the cookie is not processed and is written directly into the output. This means cross-site script code can be inserted into the style parameter "no" to conduct a cross-site attack, for example by constructing a URL like this:
 /?menu=skins&no=4>
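
One way to close this hole, as an added example in classic ASP (VBScript) that is not BBSXP's own code: validate "no" before it reaches the cookie, then validate and encode again when the cookie is read back. The helper SafeSkinId, the default skin "1", the three-digit limit and the stylesheet path are assumptions made for illustration; the code belongs inside the <% %> block of the page that handles the skin choice.

```vbscript
' Added example, not BBSXP source. Assumed flow, taken from the description
' above: ?menu=skins&no=<n> stores <n> in the "skins" cookie, and the cookie
' value is later written into the page.
Const DEFAULT_SKIN = "1"   ' assumed default skin number

' Allowlist check: return the value only if it is 1 to 3 ASCII digits,
' otherwise fall back to the default. Anything containing ">", quotes,
' spaces or letters is rejected outright instead of being "cleaned".
Function SafeSkinId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,3}$"
    If re.Test(CStr(raw)) Then
        SafeSkinId = CStr(raw)
    Else
        SafeSkinId = DEFAULT_SKIN
    End If
End Function

' Write side: the request value is validated before it is stored.
' (The unsafe pattern is the same assignment without SafeSkinId.)
If Request.QueryString("menu") = "skins" Then
    Response.Cookies("skins") = SafeSkinId(Request.QueryString("no"))
End If

' Read side: a cookie is client-controlled, so it can be forged without
' ever going through the code above. Validate it again on every request.
Dim skin
skin = SafeSkinId(Request.Cookies("skins"))

' Output side: encode at the point of output as a second layer, so a later
' change to the allowlist cannot reintroduce markup injection.
' The stylesheet path below is a hypothetical placeholder.
Response.Write "<link rel=""stylesheet"" href=""images/skins/" & _
    Server.HTMLEncode(skin) & "/bbs.css"">"
```

With this in place a request such as the one above falls back to the default skin, because "4>" does not match the digit-only pattern.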