Home > Cloud Computing > Cloud Security

Mogujie.com bypasses the filtering mechanism to continue the XSS

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

As a result, the xss is the album name. In fact, there are two parts in the xss, first, the album homepage has the source code <a title = "xxx"> xxx </a>. xxx indicates the album name, and second, click the album name, then, the functions of various websites are shared below, and the source code is <div data = ".... xxx "> the album title is referenced here. Because no double quotation marks are filtered, the two xss locations may occur. Add one first."> you can find that both codes are missing,


First, we will think of adopting the "> <script> alert (1) </script> Method for code implantation. Actually, this is not acceptable. When we close the original tag, strings outside the tag are escaped, that is, the preceding <script> and all later <> are escaped. Therefore, XSS can only be triggered by the trigger event.

But mogujie.com has its own filtering method. Most of the attributes of major events are filtered out. For example, many attributes such as onload onfocus expression style = alert (onclick) are filtered out.

At first, I thought that the filtering was empty. So I tested the ononloadload method and found that the character originally filtered was replaced with a blank key.

I haven't shown it in firefox, so I have been wondering for a long time before I found it replaced with IE. The second part exists in the div label, and style = string is replaced with a blank key, so using expression does not work.

Alert bypass (it is possible that alert/**/(1) can be used to bypass the filtering mechanism, and a few event attributes are not filtered. Here I use the onmousewheel attribute, it is a useless filtering event. We entered dd "/onmousewheel = alert/**/(1) into the album and found that sliding the mouse wheel at the tag, the window pops up successfully, because a blank key will be added before>, so it will be used later // to prevent Code failure.

Both xss and IE test results occur. firefox is not compatible with this event, so it fails. Maybe there are other events that are not filtered, so we will not test them here. I think the probability of using a scroll wheel is quite high.Solution:

Double quotation marks and <> are filtered, and blacklist is not safe.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More