当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0114742

漏洞标题:搜狐某站xss盲打管理员cookie

相关厂商:搜狐

漏洞作者: 路人甲

提交时间:2015-05-18 11:06

修复时间:2015-07-02 12:42

公开时间:2015-07-02 12:42

漏洞类型:xss跨站脚本攻击

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-05-18: 细节已通知厂商并且等待厂商处理中
2015-05-18: 厂商已经确认,细节仅向厂商公开
2015-05-28: 细节向核心白帽子及相关领域专家公开
2015-06-07: 细节向普通白帽子公开
2015-06-17: 细节向实习白帽子公开
2015-07-02: 细节向公众公开

简要描述:

rt

详细说明:

不给公仔,又来提交漏洞咯!哈哈哈!

QQ截图20150518110210.png

漏洞证明:

2015-05-18 10:26:46	
location : http://cms.store.sohu.com/feedback/index.html?search_EQI_status=1
toplocation : http://cms.store.sohu.com/feedback/index.html?search_EQI_status=1
cookie : PPUV=1427355119135595; vjuids=620b6923b.14c5915ef9e.0.cda82451; gn12=w:1; shenhui12=w:1; gj12=w:1; IPLOC=CN1100; SUV=1503271035525096; beans_dmp_1503271035525096=1431322017351; vjlast=1427423752.1431322018.11; sohutag=8HsmeSc5NCwmcyc5NCwmYjc5NjwmYSc5NCwmZjc5NCwmZyc5NCwmbjc5NTIsJ2kmOiAsJ3cmOiAsJ2gmOiAsJ2NmOiAsJ2UmOiAsJ20mOiAsJ3QmOiB9
opener :
HTTP_REFERER : http://cms.store.sohu.com/feedback/index.html?search_EQI_status=1
HTTP_USER_AGENT : Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
REMOTE_ADDR : 123.126.70.238
删除
-折叠 2015-05-18 10:26:46
location : http://cms.store.sohu.com/feedback/index.html?search_EQI_status=1
toplocation : http://cms.store.sohu.com/feedback/index.html?search_EQI_status=1
cookie : PPUV=1427355119135595; vjuids=620b6923b.14c5915ef9e.0.cda82451; gn12=w:1; shenhui12=w:1; gj12=w:1; IPLOC=CN1100; SUV=1503271035525096; beans_dmp_1503271035525096=1431322017351; vjlast=1427423752.1431322018.11; sohutag=8HsmeSc5NCwmcyc5NCwmYjc5NjwmYSc5NCwmZjc5NCwmZyc5NCwmbjc5NTIsJ2kmOiAsJ3cmOiAsJ2gmOiAsJ2NmOiAsJ2UmOiAsJ20mOiAsJ3QmOiB9
opener :
HTTP_REFERER : http://cms.store.sohu.com/feedback/index.html?search_EQI_status=1
HTTP_USER_AGENT : Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
REMOTE_ADDR : 123.126.70.238

修复方案:

求公仔`!thx!

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-05-18 12:41

厂商回复:

感谢支持。

最新状态:

暂无