DotText Cross-Site Scripting Vulnerability

最新推荐文章于 2023-09-20 15:08:52 发布

原创最新推荐文章于 2023-09-20 15:08:52 发布 · 2.1k 阅读

0 ·

本内容遵循CC 4.0 BY-SA版权协议

标签

#scripting #system #download #blog #c

技术文档专栏收录该内容

50 篇文章

订阅专栏

本文介绍了DotText开源博客系统的跨站脚本漏洞。DotText基于ASP.NET，部分博客系统以此为基础。漏洞出现在Referrers.aspx.cs中，显示的引用链接未进行HTML编码，攻击者可构造恶意引用链接进行跨站脚本攻击。还提及CSDN博客曾基于DotText 0.95，现版本已无引用显示。

Title: DotText Cross-Site Scripting Vulnerability

Author: lake2, http://lake2.0x54.org

Bugtraq ID: 13450

Published: Apr 30 2005 12:00AM

Description:

DotText is an open source weblog system started by Scott Watermasysk with ASP.NET. Some weblog system is base on dottext. You can download it in http://www.gotdotnet.com/Community/Workspaces/workspace.aspx?id=e99fccb3-1a8c-42b5-90ee-348f6b77c407

Where is the bug ?

Referrers.aspx.cs

---------------

if (dataContainer is Referrer)
{
Referrer referrer = (Referrer) dataContainer;
return "<a href=/"" + referrer.ReferrerURL + "/" target=/"_new/">" + referrer.ReferrerURL.Substring(0,referrer.ReferrerURL.Length > 50 ? 50 : referrer.ReferrerURL.Length) + "</a>";
}

---------------

The showed referer isn't encoded with htmlencode , a attacker can construct a referer like as http://X/<script>alert('China')</script> to perform a cross site scripting attack if the blog system isn't disable referer show.

PS: CSDN Blog was base on GotDotNet DotText 0.95 , but now it is CSDN & Donews 0.99 , no referer :)