Baidu news url Processing bug, which can cause xss Or url jump Vulnerability

Author: nuclear attack
When browsing news yesterday, Baidu news found the following defects:

Normal page:

Http://news.baidu.com/n? Cmd = 2 & am... m & cls = civilnews



Bug page ("% 23" is submitted after the url (in hexadecimal format ):

Http://news.baidu.com/n? Cmd = 2 & am... 3 & cls = civilnews

Effect: A dual-frame page is generated. The previous one is normal and the last one is removed.



Error Page ("% 22" after url is submitted, that is, "of Url encoding (hexadecimal ):

Http://news.baidu.com/n? Cmd = 2 & am... 2 & cls = civilnews

Result: A dual-frame page is generated. The previous one is normal, and the last one directly reports the "[an error occurred while processing this directive]" error (an error occurred when processing this command ).



Other exploitation methods:

In its "forward to friends" --> "forward to space", Baidu directly reprinted the wrong url without verification after the artificially modified url.

For example:Http://apps.hi.baidu.com/share? ... T & cls = civilnews



Due to time, I found these. We have not yet continued to dig deep. We can dig out vulnerabilities such as xss or url redirection.

Note: "#" is used to pass values in the url and jump to the tag, without affecting the normal page.

This article is from: html "target = _ blank>Http://lcx.cc /? Foxnews0000358.htmlPseudo-original reprinted chicken ~