当前位置:首页 >> 网络通讯 >> 网络安全 >> 内容

QQ空间+朋友网日志功能存储型XSS及修复

时间:2013/4/19 12:10:00 作者:平凡之路 来源:xuhantao.com 浏览:

此漏洞影响腾讯2大主要的社区日志功能,QQ空间和朋友网的前端和后端是一套逻辑,就不分开提交了。漏洞相关信息日后会同步至pkav.net。 搜狗电脑知识网
缺陷文件:

缺陷代码:

QZBlog.Logic.initMusicPlayer = function() {
    var arr = document.getElementsByName("musicFlash**");
    if (arr.length > 0) {
        var musicParams = [];
        for (var index = 0; index < arr.length; ++index) {
            var ubb = arr[index].getAttribute('ubb');
            if ( !! ubb) {
                musicParams.push(ubb);
                if (!QZFL.userAgent.ie) {
                    var is_multi = ubb.split("|").length > 7;
                    var width = arr[index].width;
                    var height = arr[index].height;
                    var _div_height = is_multi ? 200: 120;
                    var _div_width = is_multi ? 386: 360;
                    var src = '' + IMGCACHE_DOMAIN + '/music/musicbox_v2_1/img/MusicFlash.swf';
                    var span = document.createElement('span');
                    span.style.cssText = 'display:inline-block; height:' + _div_height + 'px;width:' + _div_width + 'px; overflow:hidden; vertical-align:baseline';
                    var parent = arr[index].parentNode;
                    parent.replaceChild(span, arr[index]);
                    span.innerHTML = '<object type="application/x-shockwave-flash" data="' + src + '" width="' + width + '" height="' + height + '" name="musicFlash' + (musicParams.length - 1) + '" id="musicFlash' + (musicParams.length - 1) + '" align="middle" ubb="' + ubb + '">' + '<param name="movie" value="' + src + '" />' + '<param name="quality" value="high" />' + '<param name="bgcolor" value="#ffffff" />' + '<param name="play" value="true" />' + '<param name="loop" value="true" />' + '<param name="wmode" value="transparent" />' + '<param name="scale" value="showall" />' + '<param name="menu" value="true" />' + '<param name="salign" value="" />' + '<param name="allowScriptAccess" value="always" />' + '</object></span>';
                    index--;
                } else {
                    arr[index].id = "musicFlash" + (musicParams.length - 1);
                    if (QZFL.userAgent.ie < 9) {
                        arr[index].name = "musicFlash" + (musicParams.length - 1);
                    }
                }
            }
        }
        if (musicParams.length > 0) {
            var jsLoader = new QZONE.jsLoader();
            jsLoader.onload = function() {
                initMusicData.apply(null, musicParams);
            };
            jsLoader.load("/music/musicbox_v2_1/js/musicblog_player.js", document, "GB2312");
        }
    }
};

相关文章
  • 没有相关文章
共有评论 0相关评论
发表我的评论
  • 大名:
  • 内容:
  • 徐汉涛(www.xuhantao.com) © 2024 版权所有 All Rights Reserved.
  • 部分内容来自网络,如有侵权请联系站长尽快处理 站长QQ:965898558(广告及站内业务受理) 网站备案号:蒙ICP备15000590号-1