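Vulnerability summary
Bug ID: wooyun-2015-0162979
Title: An odd XSS script vulnerability on a subsite of a 凤凰网 (ifeng.com) system; administrator already hit
Vendor: 凤凰网
Author: 奶嘴
Submitted: 2015-12-20 22:20
Fixed: 2016-02-01 10:51
Published: 2016-02-01 10:51
Vulnerability type: XSS (cross-site scripting)
Severity: High
Self-assessed Rank: 20
Status: Confirmed by vendor
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-12-20: Details reported to the vendor; awaiting vendor handling
2015-12-21: Vendor confirmed; details disclosed to the vendor only
2015-12-31: Details disclosed to core white hats and experts in related fields
2016-01-10: Details disclosed to regular white hats
2016-01-20: Details disclosed to trainee white hats
2016-02-01: Details disclosed to the public
Brief description:
RTRT
At the re-application page
Feedback form
Detailed description: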
http://www.ifeng.com/
At the re-application page
Feedback form
Proof of vulnerability:
location : http://cosandfashion.ifeng.com/useradmin/suggestions
toplocation : http://cosandfashion.ifeng.com/useradmin/suggestions
cookie : vjuids=53d3c36a6.14fdf8b7114.0.448373b15fec5; vjlast=1442564502.1450401097.11; userid=1429517666658_dd6bq07112; IF_TIME=1448432894747; IF_USER=ccyy087; IF_REAL=0; sid=1FFC6AEFC46BACFA3E5A022FA55593C4ccyy087; supsea_name=zhangxq; FASHION_UINFO=a%3A3%3A%7Bs%3A8%3A%22IF_OUSER%22%3Bs%3A7%3A%22ccyy087%22%3Bs%3A7%3A%22IF_USER%22%3Bs%3A7%3A%22ccyy087%22%3Bs%3A6%3A%22IF_UID%22%3Bs%3A8%3A%2229461364%22%3B%7D; U_INFO=a%3A1%3A%7Bs%3A5%3A%22IF_WX%22%3Bi%3A1%3B%7D; prov=cn010; city=010; weather_city=bj; region_ip=210.51.19.2; region_ver=1.30; HOT_TAG=n; READ_TAG=n; USER_PRG_29461364_2=0; ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22779278aa4896142e257e2cb8240eb1e6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%2210.32.26.253%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0 %28compatible%3B MSIE 8.0%3B Windows NT 6.1%3B%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1450402203%3B%7D851bd2ca5412f4db85b81ade266d5e9f; PHPSESSID=ujv9q4grp6fbokb23thdk2tme5
opener : http://cosandfashion.ifeng.com/admin/privilege/showlogin
Fix:
Filter characters
Is there a gift?
Copyright notice: when reposting, please credit the source 奶嘴@WooYun
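The proof above shows PHPSESSID and ci_session in script-readable cookie data captured from an admin page. The following is an added example, not code from the report or from the affected site, of applying the suggested fix at output time in the admin view and keeping the session cookie away from page scripts. The function names, row fields and sample row are hypothetical, and an HTTPS admin panel is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: HTML-encode one untrusted value so it is safe as
// element content or inside a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical admin list view for stored feedback submissions.
function render_feedback_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        // Vulnerable form would be: '<td>' . $row['content'] . '</td>'
        // Hardened form encodes every user-supplied field on output.
        $html .= '<tr><td>' . e($row['user']) . '</td><td>'
               . e($row['content']) . "</td></tr>\n";
    }
    return $html;
}

// Session cookie that document.cookie cannot read, so an injected script
// in the admin page cannot copy the session identifier.
session_set_cookie_params([
    'path'     => '/',
    'secure'   => true,   // assumption: the admin panel is served over HTTPS
    'httponly' => true,
    'samesite' => 'Lax',
]);

// Defence in depth: the browser refuses inline and third-party scripts
// even if an encoding call is missed somewhere.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

// Constructed sample row standing in for a stored feedback submission.
$rows = [
    ['user' => 'tester', 'content' => '<script>alert(1)</script>'],
];

// The markup comes out inert:
// <td>&lt;script&gt;alert(1)&lt;/script&gt;</td>
echo render_feedback_rows($rows);
```

Encoding at output, in the page where the administrator reads the feedback, covers the case where input filtering misses a character or the same data is later shown in another context.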
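Vulnerability response
Vendor response:
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-12-21 10:20
Vendor reply:
Thank you very much for your help with 凤凰网's information security.
Latest status:
None yet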