WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online ------ http://drop.zone.ci/
2015-05-07: Details sent to the vendor; awaiting vendor processing
2015-05-11: Vendor has confirmed; details disclosed only to the vendor
2015-05-21: Details disclosed to core white hats and experts in related fields
2015-05-31: Details disclosed to regular white hats
2015-06-10: Details disclosed to intern white hats
2015-06-25: Details disclosed to the public
XSS vulnerability in the Sinopec Senmei mobile app client, blind XSS into the admin backend
XSS vulnerability in the Sinopec Senmei "车e族" (Che e Zu) app client, blind XSS into the admin backend
Both the Android and iOS versions of the mobile client contain an XSS vulnerability.
After waiting one day, the XSS platform received the cookie.
Logging in with the forged cookie
Cookie (raw):
ff911a88cc5c46ac9185aa1e2d241864=923ae76f129f459077bcde1d2483c5ce213adb0fa%3A4%3A%7Bi%3A0%3Bs%3A32%3A%22kefuzhongxin%40sinopecsenmeifj.com%22%3Bi%3A1%3Bs%3A32%3A%22kefuzhongxin%40sinopecsenmeifj.com%22%3Bi%3A2%3Bi%3A2592000%3Bi%3A3%3Ba%3A3%3A%7Bs%3A2%3A%22id%22%3Bs%3A5%3A%2238005%22%3Bs%3A4%3A%22name%22%3Bs%3A19%3A%22cy_1420506874_37498%22%3Bs%3A4%3A%22user%22%3Ba%3A17%3A%7Bs%3A6%3A%22userId%22%3Bs%3A5%3A%2238005%22%3Bs%3A4%3A%22name%22%3Bs%3A19%3A%22cy_1420506874_37498%22%3Bs%3A3%3A%22pwd%22%3Bs%3A32%3A%227fadd3ede5b968bd6505905b1342b23c%22%3Bs%3A3%3A%22mob%22%3Bs%3A19%3A%22cy_1421903480601123%22%3Bs%3A5%3A%22alias%22%3Bs%3A12%3A%22%E5%AE%A2%E6%9C%8D%E4%B8%AD%E5%BF%83%22%3Bs%3A6%3A%22imgKey%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22status%22%3Bs%3A1%3A%220%22%3Bs%3A7%3A%22addTime%22%3Bs%3A19%3A%222015-01-06 09%3A14%3A34%22%3Bs%3A7%3A%22modTime%22%3Bs%3A19%3A%222015-04-19 15%3A16%3A21%22%3Bs%3A5%3A%22email%22%3Bs%3A32%3A%22kefuzhongxin%40sinopecsenmeifj.com%22%3Bs%3A9%3A%22loginTime%22%3Bs%3A19%3A%222015-04-19 20%3A22%3A47%22%3Bs%3A4%3A%22type%22%3Bs%3A1%3A%221%22%3Bs%3A9%3A%22companyId%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22client%22%3Bs%3A1%3A%220%22%3Bs%3A11%3A%22deviceToken%22%3Bs%3A0%3A%22%22%3Bs%3A10%3A%22modPwdTime%22%3Bs%3A19%3A%222015-01-06 09%3A19%3A22%22%3Bs%3A4%3A%22role%22%3Bs%3A1%3A%221%22%3B%7D%7D%7D; USERSESSID=cd489caca7192f5b69e71e4163d70e6c;
Decoded:
ff911a88cc5c46ac9185aa1e2d241864=923ae76f129f459077bcde1d2483c5ce213adb0fa:4:{i:0;s:32:"[email protected]";i:1;s:32:"[email protected]";i:2;i:2592000;i:3;a:3:{s:2:"id";s:5:"38005";s:4:"name";s:19:"cy_1420506874_37498";s:4:"user";a:17:{s:6:"userId";s:5:"38005";s:4:"name";s:19:"cy_1420506874_37498";s:3:"pwd";s:32:"7fadd3ede5b968bd65**********";s:3:"mob";s:19:"cy_1421903480601123";s:5:"alias";s:12:"客服中心";s:6:"imgKey";s:0:"";s:6:"status";s:1:"0";s:7:"addTime";s:19:"2015-01-06 09:14:34";s:7:"modTime";s:19:"2015-04-19 15:16:21";s:5:"email";s:32:"[email protected]";s:9:"loginTime";s:19:"2015-04-19 20:22:47";s:4:"type";s:1:"1";s:9:"companyId";s:1:"2";s:6:"client";s:1:"0";s:11:"deviceToken";s:0:"";s:10:"modPwdTime";s:19:"2015-01-06 09:19:22";s:4:"role";s:1:"1";}}}; USERSESSID=cd489caca7192f5b69e71e4163d70e6c;
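The decoded value above has a recognisable shape: a 40-hex-character prefix followed by a PHP-serialized array of the form [id, name, duration, states], which is what a Yii 1.x-style identity cookie looks like (the prefix being an HMAC-SHA1 over the serialized data). That layout explains why the report matters: the cookie carries the whole user record, including a password hash, an email address and a role, and anyone holding a copy of it can replay it, because the HMAC proves integrity, not who is presenting it. The following is an added example, not code from the report or from the vendor's application. It URL-decodes such a cookie, splits off the HMAC prefix (assumption: a 40-hex-character SHA-1 HMAC), parses the PHP serialization with a small hand-written decoder, and lists which nested keys look like sensitive fields. The sample cookie is constructed with placeholder values in the same structure as the one on the page; the key names treated as sensitive are assumptions.

```python
import re
from urllib.parse import quote, unquote_to_bytes

# Key names we treat as sensitive when auditing what an identity cookie carries (assumption).
SENSITIVE_KEYS = ("pwd", "password", "email", "mob", "role")


def php_unserialize(data: bytes, pos: int = 0):
    """Minimal PHP unserialize() for N, i, b, d, s and a types.

    Works on bytes because PHP string lengths (s:<len>:"...") count bytes,
    which matters for UTF-8 values such as s:12:"客服中心".
    Returns (value, position after the value).
    """
    t = data[pos:pos + 1]
    if t == b"N":  # N;
        return None, pos + 2
    if t in (b"i", b"b", b"d"):  # i:123;  b:1;  d:1.5;
        end = data.index(b";", pos)
        raw = data[pos + 2:end].decode()
        if t == b"i":
            val = int(raw)
        elif t == b"b":
            val = raw == "1"
        else:
            val = float(raw)
        return val, end + 1
    if t == b"s":  # s:<len>:"<bytes>";
        colon = data.index(b":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2  # skip ':"'
        val = data[start:start + length].decode("utf-8", "replace")
        return val, start + length + 2  # skip closing '";'
    if t == b"a":  # a:<count>:{key;value;...}
        colon = data.index(b":", pos + 2)
        count = int(data[pos + 2:colon])
        p = colon + 2  # skip ':{'
        result = {}
        for _ in range(count):
            key, p = php_unserialize(data, p)
            value, p = php_unserialize(data, p)
            result[key] = value
        return result, p + 1  # skip '}'
    raise ValueError(f"unsupported serialized type {t!r} at offset {pos}")


def parse_identity_cookie(raw_cookie_value: str):
    """URL-decode a Yii-style identity cookie and split it into (hmac_hex, data).

    Assumption: the value is <40 hex chars of HMAC-SHA1><serialized PHP array>.
    """
    decoded = unquote_to_bytes(raw_cookie_value)
    m = re.match(rb"^([0-9a-f]{40})(a:.*)$", decoded, re.S)
    if not m:
        raise ValueError("value does not look like an HMAC-prefixed serialized array")
    hmac_hex = m.group(1).decode()
    data, _ = php_unserialize(m.group(2))
    return hmac_hex, data


def find_sensitive_keys(obj, path: str = ""):
    """Walk the parsed structure and return dotted paths of keys named in SENSITIVE_KEYS."""
    found = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            sub = f"{path}.{key}" if path else str(key)
            if isinstance(key, str) and key.lower() in SENSITIVE_KEYS:
                found.append(sub)
            found.extend(find_sensitive_keys(value, sub))
    return found


# Constructed sample in the same shape as the cookie on the page; every value is a placeholder.
HMAC_PLACEHOLDER = "0" * 40
SAMPLE_SERIALIZED = (
    'a:4:{i:0;s:17:"admin@example.com";i:1;s:17:"admin@example.com";i:2;i:2592000;'
    'i:3;a:2:{s:2:"id";s:5:"38005";s:4:"user";a:5:{s:6:"userId";s:5:"38005";'
    's:3:"pwd";s:32:"0123456789abcdef0123456789abcdef";s:5:"email";s:17:"admin@example.com";'
    's:5:"alias";s:12:"客服中心";s:4:"role";s:1:"1";}}}'
)
SAMPLE_COOKIE = quote(HMAC_PLACEHOLDER + SAMPLE_SERIALIZED, safe="")

if __name__ == "__main__":
    hmac_hex, data = parse_identity_cookie(SAMPLE_COOKIE)
    print("HMAC prefix:", hmac_hex)
    print("identity id:", data[0], "duration:", data[2], "seconds")
    print("sensitive fields carried in the cookie:", find_sensitive_keys(data))
```

The audit question this answers is "what does a stolen copy of this cookie hand over?": here the answer is the account identifier, a 30-day validity window and, inside the states array, a password hash, an email address and a role flag. The mitigations the finding points at are to keep user records out of the cookie (store a session id and look the record up server-side), to mark session cookies HttpOnly so a script injection cannot read them, and to fix the output encoding that allowed the XSS in the first place.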
Admin panel URL: http://sinopecsenmeifj.o2obest.cn/shop/user/login?redirect=%2Fshop%2Fadvice%2Fadvicelist%3Fpage%3D11
Usernames and passwords are directly visible there. The backend has very broad privileges: order data can be viewed and operations can be performed on the client app.
The impact is severe; it is recommended that this be handled immediately.
Severity: Medium
Vulnerability Rank: 6
Confirmation time: 2015-05-11 18:51
CNVD could not reproduce the described situation; the report has been forwarded by CNCERT to the competent informatization authority for the energy sector, which will coordinate handling with the organisation operating the website.
None yet.