WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles, online browsing--------http://drop.zone.ci/
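2015-01-12: Details reported to the vendor; awaiting vendor handling
2015-01-12: Vendor has confirmed; details disclosed only to the vendor
2015-01-15: Details opened to third-party security partners
2015-03-08: Details disclosed to core white hats and experts in related fields
2015-03-18: Details disclosed to regular white hats
2015-03-28: Details disclosed to intern white hats
2015-04-13: Details disclosed to the public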
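Tested together with Kingsoft.
I'm on my phone, so no screenshots; the vendor can take a look themselves. There are two addresses.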
2015-01-11 11:42:00
location : http://admin.feedback2.dongting.com/main.html#c=threads&a=list&page=2
toplocation : http://admin.feedback2.dongting.com/main.html#c=threads&a=list&page=2
cookie : Hm_lvt_0ed266cec2251048d2c18229c7994a6c=1417681705; UID=1417681705155.2485
opener :
HTTP_REFERER : http://admin.feedback2.dongting.com/main.html
HTTP_USER_AGENT : Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
REMOTE_ADDR : 116.228.40.46, 54.178.75.106

location : http://mongo.ttpod.com/index.php?action=collection.modifyRow&db=feedback2012&collection=feedback&id=rid_object%3A548718bd0cf2ecc9faf019cb&uri=%2Findex.php%3Fdb%3Dfeedback2012%26collection%3Dfeedback%26action%3Dcollection.index%26format%3Djson%26criteria%3D%257B%250D%250AproposalContent%253A%257B%2524regex%253A%2527%253Cscript%2527%257D%2509%2509%2509%2509%2509%250D%250A%257D%26newobj%3D%257B%250D%250A%2509%2527%2524set%2527%253A%2B%257B%250D%250A%2509%2509%252F%252Fyour%2Battributes%250D%250A%2509%257D%250D%250A%257D%26field%255B%255D%3D_id%26order%255B%255D%3Ddesc%26field%255B%255D%3D%26order%255B%255D%3Dasc%26field%255B%255D%3D%26order%255B%255D%3Dasc%26field%255B%255D%3D%26order%255B%255D%3Dasc%26limit%3D0%26pagesize%3D10%26command%3DfindAll
toplocation : http://mongo.ttpod.com/index.php?action=admin.index&host=0
cookie : Hm_lvt_f5127c6793d40d199f68042b8a63e725=1409713837,1409911672,1410750097,1410836208; ROCK_LANG=zh_cn; rock_format=json; Hm_lvt_1ea22b581fec23080b655cfce9e2205c=1418612355,1419229420,1420537434; pgv_pvi=2146662400; PHPSESSID=684hgfc6g0j0klf9ji0jib3a70
opener :
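As above.
Don't know (╯з╰)(╯з╰)-_-#
Severity: Low
Vulnerability Rank: 3
Confirmation time: 2015-01-12 12:48
The issue is known and is being fixed. Thanks for the feedback.
None yet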