Author: nuclear attack
When browsing news yesterday, Baidu news found the following defects:
Normal page:
Http://news.baidu.com/n? Cmd = 2 & am... m & cls = civilnews
Bug page ("% 23" is submitted after the url (in hexadecimal format ):
Http://news.baidu.com/n? Cmd = 2 & am... 3 & cls = civilnews
Effect: A dual-frame page is generated. The previous one is normal and the last one is removed.
Error Page ("% 22" after url is submitted, that is, "of Url encoding (hexadecimal ):
Http://news.baidu.com/n? Cmd = 2 & am... 2 & cls = civilnews
Result: A dual-frame page is generated. The previous one is normal, and the last one directly reports the "[an error occurred while processing this directive]" error (an error occurred when processing this command ).
Other exploitation methods:
In its "forward to friends" --> "forward to space", Baidu directly reprinted the wrong url without verification after the artificially modified url.
For example:Http://apps.hi.baidu.com/share? ... T & cls = civilnews
Due to time, I found these. We have not yet continued to dig deep. We can dig out vulnerabilities such as xss or url redirection.
Note: "#" is used to pass values in the url and jump to the tag, without affecting the normal page.
This article is from: html "target = _ blank>Http://lcx.cc /? Foxnews0000358.htmlPseudo-original reprinted chicken ~