查看: 11937|回复: 2

【转载】 date() is evil (XSS’able)

[复制链接]
  • TA的每日心情
    无聊
    2020-1-16 21:33
  • 签到天数: 175 天

    [LV.7]常住居民III

    发表于 2014-3-6 11:57:11 | 显示全部楼层 |阅读模式
    本帖最后由 Antergone 于 2014-3-6 11:58 编辑

    I was playing with PHP (As usual) and i was thinking about date()

    It’s a PHP function that displays date in different formats.

    According to the documentation: “Unrecognized characters in the format string will be printed as-is.”

    So what if i try to insert HTML there as well?

    I tried <?php echo date(‘<img src=x onerror=alert(\’XSS\’)>’; ?>

    But all characters are accepted in the format so the output was:
    <59033 32Tue, 04 Mar 2014 15:59:32 +00002014-03-04T15:59:32+00:00=x 20143UTCTue, 04 Mar 2014 15:59:32 +0000Tue, 04 Mar 2014 15:59:32 +00002014Tue, 04 Mar 2014 15:59:32 +0000=pmTuesdayUTCTue, 04 Mar 2014 15:59:32 +000031(‘Xthth’)>

    Obviously that’s not gonna give us the XSS payload, the page also says:
    “You can prevent a recognized character in the format string from being expanded by escaping it with a preceding backslash. If the character with a backslash is already a special sequence, you may need to also escape the backslash.”

    So i tried to escape the characters i supplied with a backslash.
    <?php
    echo date(‘<\i\m\g \s\r\c=x \o\n\e\r\r\o\r=\a\l\e\r\t(\’X\S\S\’)\>’);
    ?>

    And viola! i saw the magic message box!

    So filter the output of date like you would filter and user submitted input.

    And if you don’t think someone would do echo date($_GET['date'])………… THINK AGAIN!

    http://phpkurs.se/php/ajax-med-jquery-och-php.html
    http://forums.phpfreaks.com/topi ... ay-with-a-variable/
    http://www.neosoftware.com/commu ... 07275b2a3#p11206894
    http://www.sitepoint.com/forums/ ... wfull=1#post2031078
    http://www.computercraft.info/fo ... _findpost__p__37833

    date() is evil, don’t trust it.

    413420fbgw1ee5vtled6nj20ze0el76u.jpg


    原文地址:http://0xa.li/php-date-is-xssable/

    回复

    使用道具 举报

  • TA的每日心情
    慵懒
    2017-1-5 19:19
  • 签到天数: 238 天

    [LV.7]常住居民III

    发表于 2014-3-6 18:01:02 | 显示全部楼层
    这都啥啊????
    回复 支持 反对

    使用道具 举报

    该用户从未签到

    发表于 2014-3-7 06:25:16 | 显示全部楼层
    小学英语的路过
    回复 支持 反对

    使用道具 举报

    您需要登录后才可以回帖 登录 | 注册

    本版积分规则

    指导单位

    江苏省公安厅

    江苏省通信管理局

    浙江省台州刑侦支队

    DEFCON GROUP 86025

    旗下站点

    邮箱系统

    应急响应中心

    红盟安全

    联系我们

    官方QQ群:112851260

    官方邮箱:security#ihonker.org(#改成@)

    官方核心成员

    Archiver|手机版|小黑屋| ( 苏ICP备2021031567号 )

    GMT+8, 2024-12-25 02:00 , Processed in 0.024797 second(s), 14 queries , Gzip On, MemCache On.

    Powered by ihonker.com

    Copyright © 2015-现在.

  • 返回顶部