此漏洞影响腾讯2大主要的社区日志功能,QQ空间和朋友网的前端和后端是一套逻辑,就不分开提交了。漏洞相关信息日后会同步至pkav.net。
搜狗电脑知识网
缺陷文件:
缺陷代码:
QZBlog.Logic.initMusicPlayer = function() {
var arr = document.getElementsByName("musicFlash**");
if (arr.length > 0) {
var musicParams = [];
for (var index = 0; index < arr.length; ++index) {
var ubb = arr[index].getAttribute('ubb');
if ( !! ubb) {
musicParams.push(ubb);
if (!QZFL.userAgent.ie) {
var is_multi = ubb.split("|").length > 7;
var width = arr[index].width;
var height = arr[index].height;
var _div_height = is_multi ? 200: 120;
var _div_width = is_multi ? 386: 360;
var src = '' + IMGCACHE_DOMAIN + '/music/musicbox_v2_1/img/MusicFlash.swf';
var span = document.createElement('span');
span.style.cssText = 'display:inline-block; height:' + _div_height + 'px;width:' + _div_width + 'px; overflow:hidden; vertical-align:baseline';
var parent = arr[index].parentNode;
parent.replaceChild(span, arr[index]);
span.innerHTML = '<object type="application/x-shockwave-flash" data="' + src + '" width="' + width + '" height="' + height + '" name="musicFlash' + (musicParams.length - 1) + '" id="musicFlash' + (musicParams.length - 1) + '" align="middle" ubb="' + ubb + '">' + '<param name="movie" value="' + src + '" />' + '<param name="quality" value="high" />' + '<param name="bgcolor" value="#ffffff" />' + '<param name="play" value="true" />' + '<param name="loop" value="true" />' + '<param name="wmode" value="transparent" />' + '<param name="scale" value="showall" />' + '<param name="menu" value="true" />' + '<param name="salign" value="" />' + '<param name="allowScriptAccess" value="always" />' + '</object></span>';
index--;
} else {
arr[index].id = "musicFlash" + (musicParams.length - 1);
if (QZFL.userAgent.ie < 9) {
arr[index].name = "musicFlash" + (musicParams.length - 1);
}
}
}
}
if (musicParams.length > 0) {
var jsLoader = new QZONE.jsLoader();
jsLoader.onload = function() {
initMusicData.apply(null, musicParams);
};
jsLoader.load("/music/musicbox_v2_1/js/musicblog_player.js", document, "GB2312");
}
}
};