Bezbedan Balkan Bezbednost državnih resursa Kompromitovani resursi v
XSS na hidmet.gov.rs

Threaded Mode
XSS na hidmet.gov.rs
1van Offline
Posting Freak
*****
Posts: 1,728
Threads: 664
Joined: Sep 2022
Reputation: 126
#1
01-05-2023, 06:48 PM
Eksploatisan je Cross Site Scripting (XSS) propust na hidmet.gov.rs. Na osnovu primera rekao bih da je samo reflektujući, ali i dalje postoje načini za zloupotrebu. Izvor: https://twitter.com/Anonymous_Link/statu...7209760768, arhivirano: https://archive.ph/WPNwb.

[Image: attachment.php?aid=392]


Attached Files Image(s)
   
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Website Find
Reply
1van Offline
Posting Freak
*****
Posts: 1,728
Threads: 664
Joined: Sep 2022
Reputation: 126
#2
01-05-2023, 07:03 PM
Preporuka za građane, ne otvarajte linkove koji Vam stižu od nepoznatih izvora, a vode na http://hidmet.gov.rs. Jedna od Anonimus grupa je pronašla propust koji može da izmeni stranicu sa ciljem umetanja malicioznog koda. Za nadležne, naravno, ispravite ovaj propust, čini mi se i da samo funkcija htmlspecialchars(urldecode()) bi rešila problem (ali ima i drugih kompletnijih rešenja za PHP).
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Website Find
Reply
1van Offline
Posting Freak
*****
Posts: 1,728
Threads: 664
Joined: Sep 2022
Reputation: 126
#3
12-15-2023, 08:41 PM
IP: 79.101.42.78
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
Website Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)