Sina Weibo search stored XSS vulnerability: combined use of two flaws
Client-side bypass vulnerability: Sina Weibo's "initiate a vote" function limits the length of the title (25 words) and of each option (20 words), but the limit is enforced only on the client and can be bypassed by editing the request through a proxy. The injected script is shown in Figure 1.
XSS vulnerability: on the voting page itself the injected script is HTML-escaped. However, when the Weibo search function is used to search votes for script-related keywords (such as iframe onload), the search results contain the injected script unescaped and it executes, as shown in Figure 2.
Exploitation is simple: post the search link on Weibo and have someone click it.
Figure 1: Injected script
Figure 2: Script execution
Solution:
Enforce the input restrictions on the server. Review all search output content (escape it before rendering).
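As an added example (not code from the report, from Weibo or from Sina's recruitment site), the Python below shows the two server-side fixes both solutions on this page call for: enforcing the vote length limits on the server rather than in the browser, and escaping user content such as vote titles or resume fields before it is rendered in search results. The function names, the keyword-highlighting rendering and the sample inputs are assumptions; the unsafe renderer reproduces the symptom the report describes (raw injected markup reaching the search page), not Weibo's actual code.

```python
import html
import re
from typing import List

# Limits the report says were only checked in the browser. len() counts code
# points, so the check is independent of the UTF-8 byte length of Chinese text
# (the report's "words" is taken here to mean characters; an assumption).
TITLE_MAX_CHARS = 25
OPTION_MAX_CHARS = 20


def validate_vote(title: str, options: List[str]) -> List[str]:
    """Server-side enforcement of the vote limits; returns a list of errors."""
    errors = []
    if not title.strip():
        errors.append("title: empty")
    elif len(title) > TITLE_MAX_CHARS:
        errors.append(f"title: {len(title)} chars exceeds {TITLE_MAX_CHARS}")
    for i, opt in enumerate(options):
        if len(opt) > OPTION_MAX_CHARS:
            errors.append(f"option[{i}]: {len(opt)} chars exceeds {OPTION_MAX_CHARS}")
    return errors


def render_search_hit_unsafe(content: str, keyword: str) -> str:
    """The bug pattern (assumed): highlight by string replacement, never escape.
    Stored content such as '<iframe onload=...>' is emitted as live markup."""
    return content.replace(keyword, f"<em>{keyword}</em>")


def render_search_hit(content: str, keyword: str) -> str:
    """Hardened renderer: locate the keyword on the raw text, then escape every
    piece before wrapping matches in <em>. User content can never become
    markup, and a keyword like 'lt' cannot collide with the '&lt;' entities
    that escaping produces (which happens if you escape first, then highlight)."""
    if not keyword:
        return html.escape(content)
    # With a capturing group, re.split returns matches at the odd indices.
    parts = re.split(f"({re.escape(keyword)})", content, flags=re.IGNORECASE)
    out = []
    for i, part in enumerate(parts):
        escaped = html.escape(part)
        out.append(f"<em>{escaped}</em>" if i % 2 == 1 else escaped)
    return "".join(out)
```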
Author: WebSPRing
Recruitment
Some resume fields on Sina's recruitment site do not filter user input, resulting in an XSS vulnerability. When an administrator reviews the resume, cookies and other information can be stolen.
URL: Http://career.sina.com.cn/user_center.php
When a resume is created, the user data is neither interpreted nor filtered, and fields such as the ID card number accept <script>, which leads to a stored XSS. The cookie is stolen when an administrator views the resume.
It can be triggered in many places.
Solution:
Filter it out!
Author: Adra1n