Flandre495 (talk | contribs) (→Related links) |
Flandre495 (talk | contribs) No edit summary |
||
Line 12: | Line 12: | ||
<blockquote> | <blockquote> | ||
<dt> 1 :<font color="green"><b>C </b>◆Odemonkey. <b>@Code Monkey ★</b></font>:2014/04/05(土) 16:40:33.31 ID:???0</dt><dd> Hello 2ch netizens. <br> <br> Today I will release BE Version 2.0 β <br> <br> Anybody who signs up for the beta version and confirms their email will receive 1000 BE points. <br> After the official release of BE version 2.0, then the free 1000 BE point event will cease. <br> <br> Features currently available in BE Version 2.0 β: <br> * Change ICON [It is currently FREE to change your icon] <br> * Login/Logout API <br> * BBS.CGI compatibility <br> * Dedicated browser compatibility <br> <br> Features coming soon: <br> * Profile page <br> * Buy BE points <br> * Exchange BE points <br> * BE stock exchange <br> * Many more.... </dd> | <dt> 1 :<font color="green"><b>C </b>◆Odemonkey. <b>@Code Monkey ★</b></font>:2014/04/05(土) 16:40:33.31 ID:???0</dt><dd> Hello 2ch netizens. <br> <br> Today I will release BE Version 2.0 β <br> <br> Anybody who signs up for the beta version and confirms their email will receive 1000 BE points. <br> After the official release of BE version 2.0, then the free 1000 BE point event will cease. <br> <br> Features currently available in BE Version 2.0 β: <br> * Change ICON [It is currently FREE to change your icon] <br> * Login/Logout API <br> * BBS.CGI compatibility <br> * Dedicated browser compatibility <br> <br> Features coming soon: <br> * Profile page <br> * Buy BE points <br> * Exchange BE points <br> * BE stock exchange <br> * Many more.... </dd> | ||
</blockquote> | |||
<div>Immediately afterwards, a cross-site scripting vulnerability was discovered.</div> | |||
<div>It was probably caused by status.php on be.2ch.net not escaping the string obtained from $_GET['ico'] in its subsequent processing.</div> | |||
<blockquote> | |||
<dt>53 :<a href="mailto:sage"><b>Sorry to interrupt the program, but reposting to affiliate sites is prohibited</b></a>:2014/04/05(土) 20:16:53.27 ID:6Wl76cGr0</dt><dd> Ah, now I get it <br> They are putting "> into the BE image value <br> So making it <a href="http://be.2ch.net/status.php?ico=">" target="_blank">http://be.2ch.net/status.php?ico="></a> makes XSS possible <br> Escaping is done for posts</dd> | |||
</blockquote> | |||
<div>It was subsequently confirmed by Code Monkey★ and fixed.</div> | |||
<blockquote> | |||
<dt>128 :<font color="green"><b>C </b>◆Odemonkey. <b>@Code Monkey ★</b></font>:2014/04/05(土) 20:42:47.78 ID:???0 <a href="javascript:be(847328605);">?2BP(1000)</a></dt><dd> <img src="http://img.2ch.net/ico/anime_zonu02.gif"> <br> Here is what happened: <br> <br> The programmers in Jim-san's office made the HTML pages for the new <a href="http://jump.2ch.net/?be.2ch.net." target="_blank">http://be.2ch.net.</a> <br> <br> I thought they had properly sanitized and verified everything. I guess I was wrong. <br> <br> I have taken the new be.2ch.net beta offline for the moment. <br> <br> I will fix it and properly sanitize and verify all input. <br> <br> After I fix it, I'll put it back online, then you guys can try to find some new XSS vulnerabilities. <br> <br> Thanks! </dd> | |||
</blockquote> | </blockquote> | ||
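The following is an added example, not code from be.2ch.net or from anyone quoted on this page: it sketches the unescaped handling of the `ico` value beside a version that verifies the value and escapes it for the attribute context. The `<img>` markup, the function names, the `.gif` naming rule and `default.gif` are assumptions; only the `ico` parameter, the `http://img.2ch.net/ico/` host and the `">` value come from the page.

```php
<?php
declare(strict_types=1);

// Added illustration; the real status.php source does not appear on this page.
const ICON_BASE = 'http://img.2ch.net/ico/'; // icon host seen in the quoted post
const DEFAULT_ICON = 'default.gif';          // assumed fallback file name

// A query value can be an array (?ico[]=x); treat anything but a string as absent.
function read_ico(array $query): string
{
    $ico = $query['ico'] ?? '';
    return is_string($ico) ? $ico : '';
}

// "Before": the value is concatenated into the src attribute unchanged, so a
// value containing "> ends the attribute and the tag.
function render_icon_unescaped(string $ico): string
{
    return '<img src="' . ICON_BASE . $ico . '">';
}

// Verify: accept only a plain icon file name (assumed naming rule).
function validate_icon(string $ico): string
{
    return preg_match('/\A[A-Za-z0-9_]{1,64}\.gif\z/', $ico) === 1 ? $ico : DEFAULT_ICON;
}

// Sanitize: escape for the HTML attribute context at output time.
function escape_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_icon_hardened(string $ico): string
{
    return '<img src="' . escape_attr(ICON_BASE . validate_icon($ico)) . '">';
}

// Constructed stand-ins for $_GET: a normal icon, the "> value from post 53, an array.
$queries = [['ico' => 'anime_zonu02.gif'], ['ico' => '">'], ['ico' => ['x']]];
foreach ($queries as $query) {
    $ico = read_ico($query);
    echo 'input:     ', $ico, PHP_EOL;
    echo 'unescaped: ', render_icon_unescaped($ico), PHP_EOL;
    echo 'hardened:  ', render_icon_hardened($ico), PHP_EOL;
    echo 'escaped:   ', escape_attr($ico), PHP_EOL, PHP_EOL;
}
```

In a request handler the input would come from `read_ico($_GET)`; validation decides what the application accepts, while escaping at output is what keeps any accepted value inside the attribute.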
==Related links== | ==Related links== | ||
Line 18: | Line 28: | ||
<div>[http://qb5.2ch.net/test/read.cgi/operate/1394550752/ Let's talk with Jim-san in operate. ★10]</div> | <div>[http://qb5.2ch.net/test/read.cgi/operate/1394550752/ Let's talk with Jim-san in operate. ★10]</div> | ||
<div>[http://maguro.2ch.net/test/read.cgi/poverty/1396683633/ Announcing the beta version of BE Version 2.0 β]</div> | <div>[http://maguro.2ch.net/test/read.cgi/poverty/1396683633/ Announcing the beta version of BE Version 2.0 β]</div> | ||
<div>[http://maguro.2ch.net/test/read.cgi/poverty/1396694721/ 【Sad news】 XSS vulnerability discovered on 2channel]</div> |