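2015-04-21: Details reported to the vendor; awaiting vendor handling
2015-04-21: Vendor confirmed; details disclosed to the vendor only
2015-05-01: Details disclosed to core white hats and experts in related fields
2015-05-11: Details disclosed to regular white hats
2015-05-21: Details disclosed to intern white hats
2015-06-05: Details disclosed to the public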
http://yuyue.ecare365.com/Query.aspx
http://yuyue.ecare365.com/OrdModify.aspx
Probably every input box on every page is affected; taking the first page as an example:
POST /Query.aspx HTTP/1.1
Host: yuyue.ecare365.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://yuyue.ecare365.com/Query.aspx
Cookie: ASP.NET_SessionId=r2cuqlfxboed2yw2niqfr3p2; __utma=66602278.1222785959.1429234730.1429234730.1429234844.2; __utmc=66602278; __utmz=66602278.1429234844.2.2.utmcsr=baidu|utmccn=(organic)|utmcmd=organic|utmctr=site%3Ayuyue.ecare365.com; _smtz=smt_md%3Dwww.baidu.com%26smt_pl%3Dorganic%26smt_kw%3Dsite%253Ayuyue.ecare365.com%26smt_cp%3D(organic); _smta=5530649d.4d4d24af%2C1429234845%2C1429236645%2C1%2C1%2C1%2C1429234845; _smtp=7f2b727fefc2; _smtt=1429234863; pgv_pvi=8866345984; pgv_si=s8493341696
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1334

__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKMTQyMTM0MzI1OA9kFgJmD2QWAgIDD2QWBAIFD2QWAmYPZBYEZg9kFgRmD2QWAgIBDxBkZBYBZmQCAQ9kFgICAQ8QZBAVAgPlkKYD5pivFQID5ZCmA%2BaYrxQrAwJnZxYBZmQCAQ9kFgICAQ9kFgICAQ8QZBAVBAblhajpg6gM55S16ISR5LyY5YyWDOaVhemanOaOkuafpQzmiYvmnLrov57mjqUVBAblhajpg6gM55S16ISR5LyY5YyWDOaVhemanOaOkuafpQzmiYvmnLrov57mjqUUKwMEZ2dnZ2RkAgYPZBYCAgEPPCsAEQMADxYEHgtfIURhdGFCb3VuZGceC18hSXRlbUNvdW50ZmQBEBYAFgAWAAwUKwAAZBgCBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUSY3RsMDAkSW1hZ2VCdXR0b24xBRtjdGwwMCRNYWluQ29udGVudCRHcmlkVmlldzEPPCsADAEIZmT6xWd8nRbisYz4d0Gc7pvMloUxS3invTU6CBSOzTz1FQ%3D%3D&ctl00%24FeaturedContent%24DropDownList1=%E5%85%A8%E9%83%A8&ctl00%24FeaturedContent%24DropDownList5=%E5%90%A6&ctl00%24FeaturedContent%24DropDownList6=&ctl00%24FeaturedContent%24DropDownList3=%E5%85%A8%E9%83%A8&ctl00%24FeaturedContent%24DropDownList4=%E5%85%A8%E9%83%A8&ctl00%24FeaturedContent%24yid=&ctl00%24FeaturedContent%24name=123&ctl00%24FeaturedContent%24mgr=&ctl00%24FeaturedContent%24tl=&ctl00%24FeaturedContent%24engr=&ctl00%24FeaturedContent%24cardno=&ctl00%24FeaturedContent%24phone=&ctl00%24FeaturedContent%24DateReceived1=&ctl00%24FeaturedContent%24DateReceived2=&ctl00%24FeaturedContent%24DateReceived3=&ctl00%24FeaturedContent%24DateReceived4=&ctl00%24FeaturedContent%24BtnTest2=%E6%9F%A5%E8%AF%A2
Severity: High
Vulnerability Rank: 13
Confirmed: 2015-04-21 16:33
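Thank you for your attention to and support of Lenovo's information security work! Lenovo launched its Security Emergency Response Center (LSRC) on April 3, 2015. We welcome reports of security vulnerabilities in Lenovo products, services and business systems to help us improve the security of our products and business. For the detailed rules, please log in to the Security Emergency Response Center site (http:// )
1. In April, Lenovo is running a double-points reward campaign!
2. April Outstanding Contribution Award: one iPad Air 2!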
None yet