乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-16: 细节已通知厂商并且等待厂商处理中 2016-01-18: 厂商已经确认,细节仅向厂商公开 2016-01-28: 细节向核心白帽子及相关领域专家公开 2016-02-07: 细节向普通白帽子公开 2016-02-17: 细节向实习白帽子公开 2016-02-27: 细节向公众公开
刷了这么多,不知道厂商有没有什么礼物呀。
这次问题出在i.yingxiong.com 也就是会员登录中心
POST /sso/AjaxCheckUsername/type/1 HTTP/1.1Cookie: CNZZDATA1253540704=43597536-1441296055-http%253A%252F%252Fwww.baidu.com%252F%7C1441551434; PHPSESSID=akr4u05gbhjn8dlbmn5i3delb0; C775_cart_goods_num=1; C775_seccodea6d9d3cb=O39MqKRQxH7Wf1eGzwLJ2EysP6yL_AvFR3eH5DEO8EOKMOxUyC4; C775_seccodea278b191=iatSrrg9Wc2DNjb0YgxPcq-JwiTlPM-mxaMtuyliue-rknJabNZ; C775_msgnewnum3269=0Content-Length: 110Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://i.yingxiong.com:80/Host: i.yingxiong.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoAccept: */*CMGE_TOKEN=ea5a29a0842024f4f58c6b6394b17e4f8afb6963&email=1
email参数问题
还有登录时username参数的问题
POST /sso/AjaxLoginHandle HTTP/1.1Cookie: CNZZDATA1253540704=43597536-1441296055-http%253A%252F%252Fwww.baidu.com%252F%7C1441551434; PHPSESSID=akr4u05gbhjn8dlbmn5i3delb0; C775_cart_goods_num=1; C775_seccodea6d9d3cb=O39MqKRQxH7Wf1eGzwLJ2EysP6yL_AvFR3eH5DEO8EOKMOxUyC4; C775_seccodea278b191=iatSrrg9Wc2DNjb0YgxPcq-JwiTlPM-mxaMtuyliue-rknJabNZ; C775_msgnewnum3269=0Content-Length: 178Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://i.yingxiong.com:80/Host: i.yingxiong.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoAccept: */*password=mango19995&remberUser=1&username=1
尝试登录一个ID
基本上所有的用户都在这~
请严格盘查重点业务~
危害等级:中
漏洞Rank:8
确认时间:2016-01-18 15:18
感谢,开发人员反馈是,开发环境的代码
暂无