WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2013-10-21: Details reported to the vendor, awaiting vendor handling
2013-10-21: Vendor confirmed; details disclosed to the vendor only
2013-10-31: Details disclosed to core white hats and relevant domain experts
2013-11-10: Details disclosed to regular white hats
2013-11-20: Details disclosed to intern white hats
2013-12-05: Details disclosed to the public
Blind XSS (盲打)
An XSS payload was submitted through the mobile app's feedback form; when the feedback was opened in the admin backend, the payload executed and sent back the administrator's cookies.
location : http://admin.sys.www.dianping.com/Admin_FeedBack/DP_Admin_BrowseEmail.aspx?FeedID=2781097
toplocation : http://admin.sys.www.dianping.com/Admin_FeedBack/DP_Admin_BrowseEmail.aspx?FeedID=2781097
cookie : _hc.v="\"94e6ca19-cee3-4bac-9ce5-e5c4062cebb4.1363604834\""; ctu=ad7bdef6cb758dcb8a0cb5c38c078b1623834bb93601bf72a523b0a54f7d585d; is=267533133261; ipbh=1362585600000; owa_v=cdh%3D%3E9c2d515d%7C%7C%7Cvid%3D%3E1367821143179139802%7C%7C%7Cfsts%3D%3E1367821143%7C%7C%7Cdsfs%3D%3E0%7C%7C%7Cnps%3D%3E1; owa_s=cdh%3D%3E9c2d515d%7C%7C%7Clast_req%3D%3E1367821145%7C%7C%7Csid%3D%3E1367821143431939570%7C%7C%7Cdsps%3D%3E0%7C%7C%7Creferer%3D%3E%28none%29%7C%7C%7Cmedium%3D%3Edirect%7C%7C%7Csource%3D%3E%28none%29%7C%7C%7Csearch_terms%3D%3E%28none%29; _tr.u=513yI8MpYCmxzNWy; __utma=169583271.1703439085.1364184066.1370422318.1370670733.6; __utmz=169583271.1370670733.6.4.utmcsr=admin.sys.www.dianping.com|utmccn=(referral)|utmcmd=referral|utmcct=/Admin_FeedBack/DP_Admin_FeedBack.aspx; uniquekey=BsZIeF6pysPEj8QJJ90gLM98Qa5TTnbW; tuanflag=1; promoflag=1; winwidth=1349; winheight=621; wapvisithistory=2411263|5575882|2032762|5301281|4523208|6043342|6690375|5279076; cityid=1; citypinyin=shanghai; cityname=5LiK5rW3; visitflag=1; lln=3_S; dtip=9|2013-08-21; s_ViewType=1; LeaveMeAlone=2260|3; BIGipServeradmin_ba-newadmin=191168778.20480.0000; ll=7fd06e815b796be3df069dec7836c3df; ua=DP%E6%89%8B%E6%9C%BA%E5%B0%8F%E5%B8%AE%E6%89%8B; cye=shanghai; t_refer=1001; _tr.s=zc1yhlAVGIjOSElE; RecentDealGroupIds=288469|230780|258219|221586|221540; t_track=/c/310:D303118:D290237:D290237:D284451:D263779:T:D290237:D263779:T:D308450:D288469; tc=1; ab=66=ab:; aburl=1; cy=1; __utma=1.235365574.1377501084.1377501084.1377501084.1; __utmc=1; __utmz=1.1377501084.1.1.utmcsr=admin.sys.www.dianping.com|utmccn=(referral)|utmcmd=referral|utmcct=/Admin_FeedBack/DP_Admin_BrowseEmail.aspx
opener :
Of course the admin backend requires a VPN login to reach. Looking at the timestamp, the payload was planted in August; since the backend could not be reached from outside, the report was not submitted at the time. Still, for blind XSS, merely restricting access to the backend is not a complete defense. As long as the injected JS executes in the administrator's browser and that browser can reach the external network, a serious risk remains: the JS can capture screenshots of the admin page, among many other nasty tricks. I originally wanted to test this more carefully, but owing to time and skill constraints I did not go further.
HTTP_REFERER : http://admin.sys.www.dianping.com/Admin_FeedBack/DP_Admin_BrowseEmail.aspx?FeedID=2781097
HTTP_USER_AGENT : Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36
REMOTE_ADDR : 180.166.152.82, 180.166.152.82
Filtering the feedback content so that injected JS cannot execute is the real fix: encode untrusted input when it is rendered into the admin page, and solve the problem at the root rather than by hiding the backend.
Severity: Low
Vulnerability Rank: 5
Confirmed: 2013-10-21 15:13
Already handled, thank you.
None