真正的利用和漏洞是两码事了,大部分非持久型XSS配合WS的技巧还是能造成很大危害的。
在08-7-15,xiao yin <[EMAIL PROTECTED]> 写道: > > 想问一下,这种XSS真正能利用起来的又有多少,问题是截取用户名和密码,真正用起来的还是少之又少。 > > 2008/7/15 heyi <[EMAIL PROTECTED]>: > >> http://msg.baidu.com/ms?ct=21&cm=1&tn=bmSendMessage&un=<iframe src= >> http://www.baidu.com width=700 height=500/> >> >> >> ------------------ 原始邮件 ------------------ >> *发件人:* "大风"<[EMAIL PROTECTED]>; >> *发送时间:* 2008年7月15日(星期二) 中午01:12 >> *收件人:* "ph4nt0m"<[email protected]>; >> *主题:* [Ph4nt0m] 答复: [Ph4nt0m] Re: [WoBB]The Week of Baidu Bugs >> >> >> >> >> 今天的更新: >> >> >> >> The Week of Baidu Bugs - Day 05: >> 百度空间多处XSS漏洞<http://hi.baidu.com/aullik5/blog/item/8d3684952508831bd21b70be.html> >> >> >> >> 其中Baidu 搜藏那个XSS漏洞还有点意思 >> >> >> >> >> >> *[Ph4nt0m] <http://www.ph4nt0m.org/> * >> >> *[Ph4nt0m Security Team]* >> >> * [EMAIL PROTECTED] <http://blog.ph4nt0m.org/>* >> >> * Email: [EMAIL PROTECTED] >> >> * PingMe: >> <http://cn.pingme.messenger.yahoo.com/webchat/ajax_webchat.php?yid=hanqin_wuhq&sig=9ae1bbb1ae99009d8859e88e899ab2d1c2a17724> >> * >> >> * **=== V3ry G00d, V3ry Str0ng ===*** >> >> * === Ultim4te H4cking ===* >> >> * === XPLOITZ ! ===* >> >> * === #_# ===* >> >> *#If you brave,there is nothing you cannot achieve.#* >> >> >> ------------------------------ >> >> *发件人:* [email protected] [mailto:[EMAIL PROTECTED] *代表 * >> raystyle >> *发送时间:* 2008年7月14日 16:35 >> *收件人:* [email protected] >> *主题:* [Ph4nt0m] Re: [WoBB]The Week of Baidu Bugs >> >> >> >> 期待啊 期待 太强大了 >> >> 在08-7-14,*大风* <[EMAIL PROTECTED]> 写道: >> >> >> >> 最近在blog上发布了一些baidu漏洞,希望能和更多的朋友一起探讨。 >> >> >> >> The Week of Baidu Bugs - Day 01: >> 任意URL跳转漏洞<http://hi.baidu.com/aullik5/blog/item/1399f502b3cf5d723912bb37.html> >> >> >> >> The Week of Baidu Bugs - Day 02: >> 多处CSRF漏洞<http://hi.baidu.com/aullik5/blog/item/5b0178f5d0eb9adcf2d3852f.html> >> >> >> >> The Week of Baidu Bugs - Day 03: >> 百度空间XSIO漏洞<http://hi.baidu.com/aullik5/blog/item/e031985175a02c6785352416.html> >> >> >> >> The Week of Baidu Bugs - Day 04: 百度空间多处DOM >> XSS漏洞(上)<http://hi.baidu.com/aullik5/blog/item/646456fa5b34b8136d22eb84.html> >> >> >> >> The Week of Baidu Bugs - Day 04: 百度空间多处DOM >> XSS漏洞(下)<http://hi.baidu.com/aullik5/blog/item/be1893ee482a5ceace1b3e98.html> >> >> >> >> >> >> 已经发了四天了,还会继续发下去,每天都会发一点。 >> >> >> >> >> >> >> >> *[Ph4nt0m] <http://www.ph4nt0m.org/>** * >> >> *[Ph4nt0m Security Team]* >> >> * [EMAIL PROTECTED] <http://blog.ph4nt0m.org/>* >> >> * Email: [EMAIL PROTECTED] >> >> * PingMe: >> <http://cn.pingme.messenger.yahoo.com/webchat/ajax_webchat.php?yid=hanqin_wuhq&sig=9ae1bbb1ae99009d8859e88e899ab2d1c2a17724> >> * >> >> * **=== V3ry G00d, V3ry Str0ng ===* >> >> * === Ultim4te H4cking ===* >> >> * === XPLOITZ ! ===* >> >> * === #_# ===* >> >> *#If you brave,there is nothing you cannot achieve.#* >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > --~--~---------~--~----~------------~-------~--~----~ 要向邮件组发送邮件,请发到 [email protected] 要退订此邮件,请发邮件至 [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
