2015-11-24: Details sent to the vendor, awaiting vendor handling
2015-11-24: Vendor confirmed; details disclosed to the vendor only
2015-12-04: Details disclosed to core white hats and relevant domain experts
2015-12-14: Details disclosed to regular white hats
2015-12-24: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public
POST /ask/admin.php?doaction=topicDeal&mode=zhadui HTTP/1.1
Content-Length: 184
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://2.job1001.com
Cookie: PHPSESSID=52e47135592c92b85072174c467115b4; company_visit_hotcm1305190795416=1; company_visit_hotcm1316998102851=1; company_visit_hotcm1309423455275=1; company_visit_hotcm1314689749806=1; company_visit_hotcm1314578883608=1; company_visit_hotcm1303722802251=1; company_visit_hotcm1307934310334=1; company_visit_hotcm1316141701317=1; company_visit_hotcm1438847885895=1; 8e1fee50b82123494553688c060f2879=1; company_visit_hotcm1425128438596=1; 3c052f08b73a5a98344acdb24c019097=1; company_visit_hotcm1448250064506=1; 764ea8a3b728efe78fade58fba31fe1c=1; company_visit_hotcm1398327727578=1; 916e33d5e0ece0e3b8feb5f33adaa1fc=1; company_visit_hotcm1445328958751=1; 525dc8834cba5167e57d4b7b7c68171e=1; company_visit_hotcm1408523856199=1; a2db7e32ad1edce58f89f6a68f8c7209=1; company_visit_hotcm1448248808741=1; ba1cb0c1b2f0cac95f6a4d2d978dd092=1; company_visit_hotcm1374126352576=1; 3635e5fc63e00172a68ccc9e67b87257=1; company_visit_hotcm1303737709325=1; running_time=1448335755467; url_running=http%3A%2F%2F2.job1001.com%2Faboutus%2Fwww.buildexchina.com.cn%23; cookieflag=1448334301526102062; cookieflagall=1448334301526860417; cookiesession=14483343015270.29070144472643733; cookieflagfor=3132074426; ucheck=false; uname=; password=; ucheck_enter=false; uname_enter=; password_enter=; safe_code=; IM_running_on=1; Hm_lvt_a2cccb25ea1b4807cf3720f792c919c1=1448335446,1448335476,1448335573,1448335595; Hm_lpvt_a2cccb25ea1b4807cf3720f792c919c1=1448335595; HMACCOUNT=F77BBB58784F51A5; _fmdata=8CA4DA6E8B3846CD31C4F84E17AB1262D867FD852F46E879BC5FC1B433CD3927335FB03FBECA25DF492011E5AD6D84EEA738E694E98B050C; BAIDUID=78394D3771D6C76CF0D3B036B4403BC7:FG=1; bdshare_firstime=1448334927687; Hm_lvt_0216ff792088201b251e5b7ae8ac7ffb=1448334928; Hm_lpvt_0216ff792088201b251e5b7ae8ac7ffb=1448334928; zw_view_history_str=46839014%252B%252B%25B3%25A4%25CA%25E4%25B9%25DC%25B5%25C0%25BC%25EC%25D1%25E9%25CA%25A6%252B%252B%252FJob_Detail.php%253FCompanyDetail%253Dcm1448250064506%2526ZhoaPinDetail%253D46839014%2526action%253DMyApply%252B%252B1448336318%252C%252C46133136%252B%252B%25CF%25EE%25C4%25BF%25BE%25AD%25C0%25ED%252B%252B%252FJob_Detail.php%253FCompanyDetail%253Dcm1398327727578%2526ZhoaPinDetail%253D46133136%2526contract%253D1%252B%252B1448334184; aacfc53cc06d2ae26efe1bfd5e0a7851=1; a944bcddd41bb8320dc4524205b7f236=1; 7d128618be5f354ad8b8fd9f409fb6e6=1; 64fb49f52b90939d6ef588375920dfc8=1; df20782477eec1ed8892999f9c289902=1; da6a8394fb9c33c61295dd1e3747ad9e=1; 7e92257c54c25fe09241df7a29e9700c=1; company_visit_hotcm1447832728658=1; dc119b91a0bc7ce5ceb5da121b6130ea=1; 25e66279c4667ae48a02b2742cfb9ab8=1; company_visit_hotcm1364975769601=1; 5577e8fa0a4068b35db591a5b693ed7a=1; 0d5d214347f5508f7718c9a5f67ae8d5=1; tc=1
Host: 2.job1001.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

http_request_count=0&request_type=loadTopic&tradeid=4&uid=1
The uid parameter is injectable. The greater-than sign is filtered, which was bypassed with the between.py tamper script.
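Why stripping one character does not close this kind of bug, as an added example (not code from the report or from the affected site): a hypothetical handler that removes ">" from uid and interpolates it into the query, beside a hardened version that validates uid as an integer and binds it as a parameter. Table layout and rows are constructed; only the "filter > / rewrite as BETWEEN" behaviour comes from the report.

```python
import re
import sqlite3

# Constructed sample data, not from the original report: three topics owned by three uids.
SAMPLE_TOPICS = [(1, 1, "topic of uid 1"), (2, 2, "topic of uid 2"), (3, 3, "topic of uid 3")]


def make_db():
    """In-memory SQLite stand-in for the real database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE topics (id INTEGER, uid INTEGER, title TEXT)")
    db.executemany("INSERT INTO topics VALUES (?, ?, ?)", SAMPLE_TOPICS)
    return db


def load_topic_blocklist(db, uid):
    """Hypothetical vulnerable handler: drops '>' as the report describes, then
    builds the SQL by string interpolation. Returns None when the stripped
    input leaves a syntax error, i.e. the only case the blocklist 'catches'."""
    cleaned = uid.replace(">", "")
    sql = f"SELECT id FROM topics WHERE uid = {cleaned} ORDER BY id"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.OperationalError:
        return None


def load_topic_param(db, uid):
    """Hardened handler: uid must be a bare decimal integer and is passed as a
    bound parameter, so the driver never interprets it as SQL text."""
    if not re.fullmatch(r"[0-9]{1,10}", uid):
        raise ValueError("uid must be a positive integer")
    rows = db.execute("SELECT id FROM topics WHERE uid = ? ORDER BY id", (int(uid),))
    return [row[0] for row in rows]
```

A comparison written with ">" is broken by the filter, but the same condition expressed with BETWEEN (which is all between.py rewrites) passes the blocklist untouched; only the parameterised version treats uid as data.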
206 tables affected:
Severity: low
Vulnerability rank: 3
Confirmed at: 2015-11-24 18:36
Thanks to the white hat and to the WooYun platform; the developers have already dealt with it as a first priority.
None yet