惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Jina AI
Jina AI
P
Palo Alto Networks Blog
GbyAI
GbyAI
大猫的无限游戏
大猫的无限游戏
A
Arctic Wolf
Hugging Face - Blog
Hugging Face - Blog
小众软件
小众软件
Y
Y Combinator Blog
T
The Blog of Author Tim Ferriss
Blog — PlanetScale
Blog — PlanetScale
S
Schneier on Security
V
Vulnerabilities – Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
雷峰网
雷峰网
T
Tenable Blog
人人都是产品经理
人人都是产品经理
T
Tor Project blog
C
Cyber Attacks, Cyber Crime and Cyber Security
AWS News Blog
AWS News Blog
Microsoft Security Blog
Microsoft Security Blog
J
Java Code Geeks
Scott Helme
Scott Helme
SecWiki News
SecWiki News
C
CERT Recently Published Vulnerability Notes
Recorded Future
Recorded Future
I
InfoQ
Security Archives - TechRepublic
Security Archives - TechRepublic
Help Net Security
Help Net Security
Cloudbric
Cloudbric
C
Check Point Blog
Engineering at Meta
Engineering at Meta
TaoSecurity Blog
TaoSecurity Blog
B
Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园_首页
N
News and Events Feed by Topic
云风的 BLOG
云风的 BLOG
MyScale Blog
MyScale Blog
腾讯CDC
量子位
Application and Cybersecurity Blog
Application and Cybersecurity Blog
K
Kaspersky official blog
Vercel News
Vercel News
F
Full Disclosure
T
Troy Hunt's Blog
Forbes - Security
Forbes - Security
S
Security @ Cisco Blogs

EVILCOS

WordPress防火墙 – EVILCOS XSS’OR 开源,Hack with JavaScript – EVILCOS 前端黑在线工具 XSS’OR – EVILCOS 蠕虫挖矿一例,无码 – EVILCOS [PRE]CSRF攻击-进击的巨人 – EVILCOS 说说“当代 Web 的 JSON 劫持技巧” – EVILCOS 关于浏览器混合内容的安全性 – EVILCOS 记第10次印刷 – EVILCOS [UPDATE]号称影响10亿App的OAuth2.0使用缺陷 – EVILCOS
一种新型蠕虫:花瓣CORSBOT蠕虫 – EVILCOS
About 余弦 一个符号而已 View all posts by 余弦 → · 2017-01-29 · via EVILCOS

一种新型蠕虫:花瓣CORSBOT蠕虫

新年新气象,这个蠕虫我做了小范围测试,也提交了官方修复,小圈子里做了分享,这里正式对外公布下,出于研究而非破坏为目的,供大家参考。

IAMANEWBOTNAMEDCORSBOT
——-BOT PoC——-
http://evilcos.me/lab/IAMANEWBOTNAMEDCORSBOT.TXT

完整代码直接见上面这个链接即可。

里面需要特别注意的两个点:

  1. Conten-Type是JSON
  2. Origin是:huaban.com.al3rt.io,这个小技巧直接绕过花瓣的Origin判断

所以,蠕虫得以传播。

本质是:CORS(Cross-Origin Resource Sharing)的滥用导致,效果图:

最后,友情提示下:这个问题还是比较普遍的。脑洞怎么开,玩起来才会知道,不玩永远想不到:-)