当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0142587

漏洞标题:58某处存储XSS(已盲打到后台)

相关厂商:58同城

漏洞作者: 残废

提交时间:2015-09-22 10:24

修复时间:2015-11-06 11:50

公开时间:2015-11-06 11:50

漏洞类型:xss跨站脚本攻击

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-22: 细节已通知厂商并且等待厂商处理中
2015-09-22: 厂商已经确认,细节仅向厂商公开
2015-10-02: 细节向核心白帽子及相关领域专家公开
2015-10-12: 细节向普通白帽子公开
2015-10-22: 细节向实习白帽子公开
2015-11-06: 细节向公众公开

简要描述:

RT

详细说明:

http://link.58control.cn/AppLink.aspx?PlaceID=5&CityID=2&CateID=92241


在这个地方
早上X的 下午就到了

location : http://unionold.58.com/linktip/link/LinkList.aspx
toplocation : http://unionold.58.com/main.aspx
cookie : id58=05dz7lQ2A5t7ATttMBryAg==; ppqp=1; cookieuid=3d662cac-c637-4af4-8285-eeae97911269; pup_bubble=1; tj_ershoubiz=true; _um_uuid=06fd8dbdd06652c9231a9650d86de298; bangbangguoqi=true; Hm_lvt_b2bb18c2ed136da52f94a18a0e678b31=1425539921; tj_ershounobiz=true; g_new_UV=1; jjqp=1; bi_hmsr=none; bi_hmmd=none; bi_hmpl=none; bi_hmkw=none; bi_cookieid=14322632226786992956802; nearby=NOTSHOW; pgv_pvi=6227372032; Hm_lvt_3f405f7f26b8855bc0fd96b1ae92db7e=1437013924; tma=75252886.38706387.1421207499413.1435296869694.1437115451054.4; tmd=14.75252886.38706387.1421207499413.; __ag_cm_=1439284106847; ag_fid=9t3Ct6u5KEuwQZ3F; myfeet_tooltip=end; m58comvp=t25v211.151.3.34; cookieuid1=05dz7lXcQIRhKQJiA59dAg==; als=0; hots=%5B%7B%22d%22%3A0%2C%22s1%22%3A%22%E6%9C%88%E9%A5%BC%E5%8D%B7%22%2C%22s2%22%3A%22%E6%9C%88%E9%A5%BC%E7%9A%84%E5%81%9A%E6%B3%95%22%2C%22n%22%3A%22sou%22%7D%5D; Hm_lvt_b2bb18c2ed136da52f94a18a0e678b31=; CNZZDATA1000360599=1564854914-1441171289-http%253A%252F%252Funionold.58.com%252F%7C1441171289; mcity=bj; mcityName=%E5%8C%97%E4%BA%AC; nearCity=%5B%7B%22city%22%3A%22hf%22%2C%22cityName%22%3A%22%E5%90%88%E8%82%A5%22%7D%2C%7B%22city%22%3A%22bj%22%2C%22cityName%22%3A%22%E5%8C%97%E4%BA%AC%22%7D%5D; ABTESTCOOKIEVALUE=8; bangbigtip2=1; _ga=GA1.2.1317642183.1412822350; quanmyy=forfirst; final_history=19718134556426%2C19464073517315%2C23003185173258%2C19464367146369%2C22165169761546; _bu=2014101017554037101fbb; ipcity=tj%7C%u5929%u6D25; 58home=bj; t58com_action_user=892a2ec12e32a88ba7789a41f47e4000; city=www; Hm_lvt_850d0ecfa2c2e6e4dce8e4dbe08821b6=1442815701; Hm_lpvt_850d0ecfa2c2e6e4dce8e4dbe08821b6=1442820353; __utmt_pageTracker=1; __utmt=1; __autmz=75252886.1442820398.1.1.autmcsr=58.com|autmccn=(referral)|autmcmd=referral|autmcct=/huangye/; AdminCode=123456; CodeId=1; Admin_User0=PFNPQVAtRU5WOkVudmVsb3BlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzZD0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOlNPQVAtRU5DPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VuY29kaW5nLyIgeG1sbnM6U09BUC1FTlY9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIiB4bWxuczpjbHI9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vc29hcC9lbmNvZGluZy9jbHIvMS4wIiBTT0FQLUVOVjplbmNvZGluZ1N0eWxlPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VuY29kaW5nLyI DQo8U09BUC1F; Admin_User1=TlY6Qm9keT4NCjxhMTpQYWlyIGlkPSJyZWYtMSIgeG1sbnM6YTE9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vY2xyL25zYXNzZW0vU3lzdGVtLldlYi5VSS9TeXN0ZW0uV2ViJTJDJTIwVmVyc2lvbiUzRDIuMC4wLjAlMkMlMjBDdWx0dXJlJTNEbmV1dHJhbCUyQyUyMFB1YmxpY0tleVRva2VuJTNEYjAzZjVmN2YxMWQ1MGEzYSI DQo8Rmlyc3QgeHNpOnR5cGU9InhzZDpsb25nIj42MjA8L0ZpcnN0Pg0KPFNlY29uZCBpZD0icmVmLTMiIHhzaTp0eXBlPSJTT0FQLUVOQzpzdHJpbmciPmxpeXc8L1NlY29uZD4NCjwvYTE6UGFpcj4NCjwvU09BUC1FTlY6Qm9keT4NCjwvU09BUC1FTlY6RW52ZWxvcGU DQo=; __autma=75252886.572332639.1442820398.1442820398.1442820398.1; __autmc=75252886; __autmb=75252886.2.10.1442820398; __utma=253535702.1317642183.1412822350.1442815701.1442820354.11; __utmb=253535702.4.10.1442820354; __utmc=253535702; __utmz=253535702.1442473958.4.3.utmcsr=tool.chinaz.com|utmccn=(referral)|utmcmd=referral|utmcct=/Tools/OpenWeb.aspx; new_session=0; init_refer=; new_uv=448; Hm_lvt_3bb04d7a4ca3846dcc66a99c3e861511=1442383500,1442572573,1442800640,1442803924; Hm_lpvt_3bb04d7a4ca3846dcc66a99c3e861511=1442820522


HTTP_REFERER : http://unionold.58.com/linktip/link/LinkList.aspx
    HTTP_USER_AGENT : Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Maxthon/4.4.6.2000 Chrome/30.0.1599.101 Safari/537.36
    REMOTE_ADDR : 117.131.169.144, 117.131.169.144


漏洞证明:

屏幕快照 2015-09-21 下午4.14.50.png


懒得探测了

修复方案:

你懂得

版权声明:转载请注明来源 残废@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:7

确认时间:2015-09-22 11:48

厂商回复:

测试环境的,并且后台是没有办法盲打登录成功的。
至于盲打的其它危害可能利用难度稍微稍微有点点大……
所以评为中危,会尽快修复处理。感谢小伙伴对58安全的关注。

最新状态:

暂无