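2013-07-12: Details reported to the vendor; awaiting vendor handling
2013-07-12: Vendor has confirmed; details disclosed to the vendor only
2013-07-22: Details disclosed to core white hats and experts in related fields
2013-08-01: Details disclosed to regular white hats
2013-08-11: Details disclosed to trainee white hats
2013-08-26: Details disclosed to the public
@天极传媒集团 A gift, please~~ Hoping for an iPad
XSS vulnerable page: http://opinion.chinabyte.com/reader/reader.jhtml?sitemapId=1&url=http://www.chinabyte.com&title=%B1%C8%CC%D8%CD%F8 When a submission from this page is intercepted and modified in transit, it is accepted with no character validation or restriction at all.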
location : http://cms.chinabyte.com/welcome/init.jhtml
toplocation : http://cms.chinabyte.com/welcome/init.jhtml
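Actually, it seems this could also be used for blind XSS against other 天极 (Tianji) products. The url parameter at the end of this address can be changed; whatever it is changed to, the submission should be sent to the corresponding back end for review. I have confirmed this. When I sent it to 天极, though, nothing showed up in the 比特 (ChinaByte) back end... By the way, 天极网, when will the gift be sent...
You know what I mean, hoping for an iPad~~~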
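A server-side handling sketch for the gap described in this report, added here as an example and not code from the vendor or the original report: the `sitemapId`, `url` and `title` parameters are validated on the server regardless of what the page's form allowed, and every stored field is HTML-escaped when rendered in the review back end. The function names, `ALLOWED_HOSTS` and `MAX_TITLE_LEN` are assumptions, and Python is used only for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumptions for this sketch: allowed target hosts and the title length limit.
ALLOWED_HOSTS = {"www.chinabyte.com"}
MAX_TITLE_LEN = 100


class RejectedSubmission(ValueError):
    """A request parameter failed server-side validation."""


def validate_submission(params):
    """Check sitemapId, url and title on the server, regardless of client checks."""
    sitemap_id = params.get("sitemapId", "")
    if not (sitemap_id.isascii() and sitemap_id.isdigit()):
        raise RejectedSubmission("sitemapId must be a decimal number")

    url = params.get("url", "")
    if not url.isprintable():
        raise RejectedSubmission("url contains control characters")
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        raise RejectedSubmission("url is malformed") from None
    if parts.scheme not in ("http", "https") or host not in ALLOWED_HOSTS:
        raise RejectedSubmission("url scheme or host not allowed")

    title = params.get("title", "")
    if not 0 < len(title) <= MAX_TITLE_LEN or not title.isprintable():
        raise RejectedSubmission("title length or characters not allowed")

    return {"sitemapId": int(sitemap_id), "url": url, "title": title}


def render_review_row(record):
    """HTML for the reviewer's list; every stored field is escaped on output."""
    url = html.escape(record["url"], quote=True)
    title = html.escape(record["title"], quote=True)
    return (f'<tr><td>{record["sitemapId"]}</td>'
            f'<td><a href="{url}">{title}</a></td></tr>')


if __name__ == "__main__":
    # Constructed sample request: the title carries markup that must stay inert.
    sample = {"sitemapId": "1", "url": "http://www.chinabyte.com",
              "title": "<b>test</b>"}
    print(render_review_row(validate_submission(sample)))
```

Validation narrows what is stored, but the escaping in `render_review_row` is what keeps a submitted title from executing in the reviewer's browser.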
Severity: High
Vulnerability Rank: 15
Confirmed: 2013-07-12 11:48
Thank you for your help; we will deal with it as soon as possible.
None yet