WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
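2015-08-24: Details reported to the vendor; awaiting vendor response
2015-08-27: Vendor confirmed; details disclosed to the vendor only
2015-09-06: Details disclosed to core white hats and relevant domain experts
2015-09-16: Details disclosed to regular white hats
2015-09-26: Details disclosed to trainee white hats
2015-10-11: Details disclosed to the public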
APICloud injection
Injection point 1:
GET /getModule?appId=A6995954745068&startNum=96&size=32&platform=-1&type=7 HTTP/1.1
Host: www.apicloud.com
Proxy-Connection: keep-alive
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
Referer: http://www.apicloud.com/totalarea
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: username=ide413%40163.com; pgv_pvi=173264250; pgv_info=ssi=s3312988234; curAppId=A6995954745068; curAppName=HelloApp; CNZZDATA1253236292=752279662-1440405255-%7C1440410655; Hm_lvt_ae739dc4e9f16c0da7b6f2e4108cad83=1440408890; Hm_lpvt_ae739dc4e9f16c0da7b6f2e4108cad83=1440411002; userIcon=%2Fimage%2Fpng%2F5e%2F57%2F5e57839c592bf5ceb2d032622e38a130.30x30.png; nickname=wafewfaw; mcmOpened=0; appType=-1; i18next=zh-CN; connect.sid=s%3AHBF8xtTOZIoZClBG7uaPlcqY.tNBRjTBIpJqi8k4U2KR70%2BwV5hinQJxX5zhPy5lA4f8
Cookies are required.
Injection point 2:
GET /getModule?appId=A6995954880146&startNum=0&size=32&platform=-1&type=7&timepicker=1440412305797 HTTP/1.1
Host: apicloud.com
Proxy-Connection: keep-alive
accept: application/json
Cache-Control: no-cache
timepicker: 1440412305798
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
Referer: http://apicloud.com/package
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: connect.sid=s%3AdsBzcWUilnsV2WlC94tPkndp.gsW%2BaTzUsyG55DUk8CWYUM8MP%2FO4vei1aIvbeH%2BYBx0
Filtering
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-08-27 14:17
The functional code has been fixed. Thank you for your support.
None yet