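2015-10-10: Details reported to the vendor; awaiting vendor handling
2015-10-10: Vendor confirmed; details disclosed to the vendor only
2015-10-20: Details disclosed to core white hats and experts in related fields
2015-10-30: Details disclosed to regular white hats
2015-11-09: Details disclosed to intern white hats
2015-11-24: Details disclosed to the public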
POST /yy/dd/BillBoardIndex HTTP/1.1
Content-Length: 153
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://yinyue.kuwo.cn
Cookie: JSESSIONID=2239AB7B78CA1BA5360DE883275DA713.worker3; JSESSIONID=3EB1C6CF70E5E8F0C6D890C4B22E9304.worker3; Hm_lvt_cdb524f42f0ce19b169a8071123a4797=1444408982,1444409080,1444409184,1444409273; Hm_lpvt_cdb524f42f0ce19b169a8071123a4797=1444409273; bdshare_firstime=1444408373733; HMACCOUNT=DE1039CBFBE0CBB4; BAIDU_DUP_lcr=http://www.acunetix-referrer.com/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); rec_usr=1444408451288x248_0_1444408451288; BAIDUID=E873CCF12448972C14F2C33F05E23DBB:FG=1; KW_COL_MUSIC=6484107%2C6484108%2C6484109%2C6484110%2C6484111%2C6469484%2C6469480%2C6469481%2C6469482%2C6469483%2C6469485%2C442554%2C1294406%2C635632%2C125854%2C513481%2C481141%2C891712%2C150621%2C4061663%2C218086%2C4998874%2C138243%2C213974%2C84423%2C58604%2C162175%2C80403%2C279153%2C229022%2C4855762%2C202673%2C268360%2C1161285%2C156514%2C3615946%2C4020459%2C166731%2C78114%2C3307158%2C102851%2C5235286%2C320411%2C830227%2C156517%2C243825%2C1084932%2C1120849%2C1964675%2C4405653%2C81457%2C4802881%2C3241508%2C551607%2C540455%2C4122290%2C6573892%2C6623012%2C5354512; is_unique=sc8062124.1444409886.0; __cfduid=d20a0c14b0842eb66af268de781a491661444410333; _gscu_2087265495=44410487i5msu720; _gscs_2087265495=44410487l14p8v20|pv:1; _gscbrs_2087265495=1
Host: yinyue.kuwo.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

cat=15&phase=39156&_=
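The cat parameter is vulnerable to injection.
Severity: Low
Vulnerability Rank: 2
Confirmed: 2015-10-10 11:19
Another user has already submitted this vulnerability, so the rank given is low.
None yet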