Douban Dom persistent cross-site scripting vulnerability and repair solution

Source: Internet
Author: User

A CSRF (cross-site request forgery) vulnerability and a stored XSS (cross-site scripting) vulnerability exist in a Douban service.

Several CSRF vulnerabilities exist at Douban, most of them caused by the ck value (the anti-CSRF token) not being checked.
If you build a page that POSTs the parameters name= & blog_id=9294311 to the interface http://9.douban.com/reader/j_mkdir, a subscription directory is created in douban9 on behalf of the logged-in user; no ck value is checked to block the cross-origin submission. In addition, the name value is not HTML-escaped, so a stored cross-site scripting payload fires when the page renders it in the drop-down menu.

This is more serious than it looks, because the ck value is stored in the Cookie and is the same as the ck value at www.douban.com for the whole session, so a leaked or predictable ck enables CSRF against every place in the Douban service that does check the ck value.

The same CSRF issue (no ck check) also affects j_rename, j_delete_blog and j_delete_dir.

Proof of vulnerability:

http://kevin1986.com/plus/db.htm
http://kevin1986.com/plus/db2.html
http://kevin1986.com/plus/db3.html

The test pages use the form.submit() method from script to send the data as a POST request.

Solution:

Verify that the submitted ck value matches the session's ck on every state-changing request, and HTML-escape the name input before rendering it. :)
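As an added illustration (not code from this page or from Douban), a toy Python model of the j_mkdir endpoint shows the two flaws side by side with their fixes: a double-submit comparison of the ck form field against the ck cookie, and HTML escaping of the stored name at render time. The Request and ReaderService names and the sample payload are constructed for the example.

```python
import hmac
import html
import secrets
from dataclasses import dataclass, field

PAYLOAD = "<script>alert(1)</script>"  # constructed sample name, used only to show escaping


@dataclass
class Request:
    """Constructed stand-in for what the server sees from one HTTP POST."""
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


class ReaderService:
    """Hypothetical model of the subscription-directory endpoint."""

    def __init__(self):
        self.dirs = []

    def issue_ck(self):
        # Per-session anti-CSRF token: set as the ck cookie and embedded in the site's own forms.
        return secrets.token_urlsafe(16)

    def j_mkdir_vulnerable(self, req):
        # The described flaw: ck is never compared, so a cross-origin form that
        # sends only name and blog_id succeeds with the victim's browser cookies.
        self.dirs.append(req.form.get("name", ""))
        return 200

    def j_mkdir_fixed(self, req):
        # Double-submit check: the form field must equal the ck cookie. Another
        # origin can make the browser attach the cookie but cannot read it, so it
        # cannot fill in a matching field. Compare in constant time on bytes.
        cookie_ck = req.cookies.get("ck", "")
        form_ck = req.form.get("ck", "")
        if not cookie_ck or not hmac.compare_digest(cookie_ck.encode(), form_ck.encode()):
            return 403
        self.dirs.append(req.form.get("name", ""))
        return 200

    def dropdown_vulnerable(self):
        # Raw interpolation: a stored name containing markup becomes live HTML.
        return "".join(f"<li>{d}</li>" for d in self.dirs)

    def dropdown_fixed(self):
        # Escape on output so the name is displayed as text, never parsed as markup.
        return "".join(f"<li>{html.escape(d, quote=True)}</li>" for d in self.dirs)
```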
