A functional defect in the Sohu community can cause xss storage and be used to attract Weibo fans.

When we engage in the Netease forum, we naturally need to think of the Sohu community. Well, it is the same vulnerability as Netease. Hey hey, it's helpful for large companies to increase their exposure, you know ~~

Test address: http://club.baobao.sohu.com /? Action = read & forumid = mom_daugh & threadid = 1 cgwdnckddv

 

 

 

1. Send a post, write a few words to the post content, and add the dot css attribute. Here I add the color and font size. (Ps: Sohu's verification code is domineering !~)

2. check whether there is a style. Test and insert expression. If no filter is found, some tests are skipped. This directly proves that the js file of the plug-in chain is used. The verification code in the post data can be obtained by posting on the webpage. Because the webpage uses jq (from the source file), I directly call the jq function.

3. After sending the modified data, I used Google's F12 browser to check it (I am used to using Google's browser) and found that it was successfully inserted.

4. Switch to the IE browser with the trumpet and access it. The cookie is successfully caught. (This indicates that an external js file is successfully inserted)

5. Check the source file and find the following code. Execute the IE browser in IE7, so you can kill all the IE browser versions.

6. Because the cookies of Sohu Weibo and Sohu community are common, it is very easy to use them. I sent a photo of beautiful women in Weibo and inserted the link to this forum to describe "! @ # ￥ % ...... & * ", Everyone understands ..

 



It can also be used to refresh fans of Sohu Weibo, send a reply to a hot post (replying and posting are the same Editor), or post a post in a popular community, or ......

You can try your best to indulge yourself ,.

Because all Internet Explorer versions are killed, the harm is still quite high.
Solution:

Filter