WWW is one of the most important services on the Internet. It provides a variety of information resources to users. The key to organizing these resources is the HTML hypertext language. As applications developed, other markup such as UBB tags appeared, but it is all converted to HTML in the end. Research shows that even the most secure code (code that has already ruled out the common XSS vulnerabilities) cannot avoid another annoying attack method, and when combined with less rigorous programs it may be exploited to create greater threats.
The [img] tag, which script programs such as forums, article systems, and blog systems convert to HTML, serves here as the example that illustrates this neglected security problem. First, let's look at how the tag is processed and what the browser does with it. Take the following UBB code: [IMG]/UpLoadFiles/NewsPhoto/oveshell.jpg [/IMG]. The script program converts it to an HTML <img> tag whose src is that path.
This tag embeds an image into the current page. Current forum programs offer it in posts and in personal avatars. When the browser encounters this HTML tag, it follows the src location, here /UpLoadFiles/NewsPhoto/oveshell.jpg, to find the network resource. When the image is found, it is requested, downloaded, and parsed locally, and then displayed in the browser. If the resource cannot be found, a red X is displayed, indicating that an error has occurred. Here /UpLoadFiles/NewsPhoto/oveshell.jpg is a normal image, so everything goes smoothly. But have you thought about what happens if the resource is not an image file but another type of resource, such as a web page, an EXE file, or an ASP page?
Obviously, the answer is that the image shows a red X: the EXE file is not downloaded, and the HTML page is not executed. This is a matter of course, because IE and other browsers parse the resource they obtain as an image, an error results, and a red X is displayed. This may seem useless, but what if we change the image address to the form http://127.0.0.1:88/imgtest/test.asp?user=shell? test.asp contains the following content:
<%
Dim fso, file                            ' defines the FSO object
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set fso = Server.CreateObject("Scripting.FileSystemObject")
path = Server.MapPath("imgtest.txt")     ' open imgtest.txt in the same directory
Set file = fso.OpenTextFile(path, ForAppending, True)
file.Write("someone:")                   ' write content
file.Write(Request.ServerVariables("QUERY_STRING"))
file.Write vbCrLf
file.Close
Set file = Nothing
Set fso = Nothing
%>
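The behaviour described above depends on the [img] converter accepting any address as src. The following is an added example, not code from the original article or from any particular forum program. It sketches a converter that only emits an <img> tag for static-looking image paths under the site's own upload directory. The policy itself (the /UpLoadFiles/ prefix, the extension list, the function names) is an assumption made for illustration.

```python
import re
from html import escape
from urllib.parse import urlsplit

# Assumed policy (not from the original page): images must live under this
# site's upload directory and look like static image files.
ALLOWED_PREFIX = "/UpLoadFiles/"
ALLOWED_EXT = (".jpg", ".jpeg", ".png", ".gif")
SAFE_CHARS = re.compile(r"[A-Za-z0-9_./-]+")
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def is_safe_img_src(src: str) -> bool:
    """Accept only local, static-looking image paths with no parameters."""
    # Conservative character set: no ':', '?', '#', '%', '\\', quotes or spaces.
    if not SAFE_CHARS.fullmatch(src):
        return False
    parts = urlsplit(src)
    # A scheme or host would make the reader's browser contact another server.
    if parts.scheme or parts.netloc:
        return False
    # A query string or fragment would let the URL carry data to a script.
    if parts.query or parts.fragment:
        return False
    segments = parts.path.split("/")
    if not parts.path.startswith(ALLOWED_PREFIX) or ".." in segments:
        return False
    return parts.path.lower().endswith(ALLOWED_EXT)


def convert_img_ubb(text: str) -> str:
    """HTML-escape a post, then turn policy-compliant [img] tags into <img>."""
    def repl(match):
        src = match.group(1).strip()
        if is_safe_img_src(src):
            # src is limited to SAFE_CHARS, so it needs no further escaping.
            return '<img src="%s" alt="">' % src
        return "[image removed]"
    return IMG_TAG.sub(repl, escape(text, quote=True))


# Constructed sample posts: the page's normal image and its test.asp address.
SAMPLES = [
    "[IMG]/UpLoadFiles/NewsPhoto/oveshell.jpg [/IMG]",
    "[img]http://127.0.0.1:88/imgtest/test.asp?user=shell[/img]",
    "[img]/UpLoadFiles/../imgtest/test.asp[/img]",
]

if __name__ == "__main__":
    for post in SAMPLES:
        print(convert_img_ubb(post))
```

The check is purely syntactic: it does not confirm that the file served at the path is really an image, so the upload handler still has to validate what it stores.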