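2016-03-20: Details reported to the vendor; awaiting vendor handling
2016-03-23: Vendor confirmed; details disclosed to the vendor only
2016-04-02: Details disclosed to core white hats and experts in related fields
2016-04-12: Details disclosed to regular white hats
2016-04-22: Details disclosed to trainee white hats
2016-05-07: Details disclosed to the public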
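RT - within 1 second of opening it, the internal system is visible. Whoa, what is going on? It gave me a scare. Something is wrong!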
Unified login: http://gamemanager.duowan.com/auther/login.html
Support portal management
http://gamemanager.duowan.com/
Open one of them (Ctrl+Alt+A to take a screenshot).
Login, packet capture:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Mar 2016 11:16:38 GMT
Content-Length: 4447
Connection: close
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT

jQuery172027911521482223267_1458299667079({"reason":"æä½æå","status":0,"list":[
{"dtOpDate":"2014-01-22 11:07:44.0","vIp":"http://gamemanager.duowan.com/auther/login.html","vOpPassport":"dw_liumiao","vPattern":"","vState":"S0A","vSysId":"0","vSysName":"ç»ä¸æé管çç³»ç»","vDesc":null,"vEnName":"gameauther"},
{"dtOpDate":"2014-06-06 11:17:35.0","vIp":"http://admin.show.game.yy.com/index.html","vOpPassport":"dw_huangwenwen","vPattern":".*(.do|/udb(sdk)?|.(js|css)|/((css|js|img|images)/)).*|/(do/sys/reloadAll)?|/((login|index).html|user/auth)","vState":"S0A","vSysId":"2E3F673294104FD9A46F9B6B05EAB6FD","vSysName":"端游YYç§å¹³å°","vDesc":null,"vEnName":"gameshow"},
{"dtOpDate":"2014-11-21 11:25:18.0","vIp":"http://gamemanager.duowan.com/managerserver","vOpPassport":"dw_liuhanlin","vPattern":"","vState":"S0A","vSysId":"321A1F56E6384C8A9376AB092CA27086","vSysName":"åºæ管çç³»ç»","vDesc":null,"vEnName":"managerserver"},
{"dtOpDate":"2014-06-05 14:28:37.0","vIp":"http://gamemanager.duowan.com/manageractivity","vOpPassport":"dw_huangwenwen","vPattern":"(?i)(/(login|index).html|/(css|scripts|images|My97DatePicker)/).*|/(do/sys/reload.*)?","vState":"S0A","vSysId":"42078B48EEF043888A9452ED028CDB68","vSysName":"æ´»å¨ç®¡çç³»ç»","vDesc":null,"vEnName":"manageractivity"},
{"dtOpDate":"2014-08-18 19:21:59.0","vIp":"http://admin.yysafe.game.yy.com","vOpPassport":"dw_liumiao","vPattern":"","vState":"S0A","vSysId":"4252A8FAD2564A1783C7E480EBC068C7","vSysName":"åå¤æ","vDesc":null,"vEnName":"yysafe"},
{"dtOpDate":"2014-05-27 15:16:45.0","vIp":"http://admin.activityboard.game.yy.com","vOpPassport":"dw_dengjun","vPattern":"","vState":"S0A","vSysId":"79D20001993C4EDA81C7924CCB2A80E0","vSysName":"çè¨ç®¡çç³»ç»","vDesc":null,"vEnName":"activityboard"},
{"dtOpDate":"2014-09-12 16:24:13.0","vIp":"http://admin.unionsys.game.yy.com","vOpPassport":"dw_dengqibin","vPattern":"","vState":"S0A","vSysId":"862238184D844E739B2A7355809E957C","vSysName":"å·¥ä¼ç³»ç»","vDesc":null,"vEnName":"unionsys"},
{"dtOpDate":"2014-11-21 11:25:03.0","vIp":"http://gamemanager.duowan.com/dylogin","vOpPassport":"dw_liuhanlin","vPattern":"","vState":"S0A","vSysId":"93C86A16627647C19B76A3A74F2DD5E1","vSysName":"端游ç»å½ç³»ç»","vDesc":null,"vEnName":"dylogin"},
{"dtOpDate":"2014-06-19 16:03:31.0","vIp":"http://gamemanager.duowan.com/gameactivate","vOpPassport":"dw_huangwenwen","vPattern":"(?i)(/(login|index).html|/(css|scripts|images|My97DatePicker)/).*|/(.*/activate(WithGift)?.*)?|/do/sys/reload.*|.*/inneractivate.*","vState":"S0A","vSysId":"9DD5699444A04264B3991ABAC88D47AF","vSysName":"æ¿æ´»ç®¡çç³»ç»","vDesc":null,"vEnName":"gameactivate"},
{"dtOpDate":"2014-11-21 11:25:09.0","vIp":"http://gamemanager.duowan.com/managerfcm","vOpPassport":"dw_liuhanlin","vPattern":"","vState":"S0A","vSysId":"A396029DCBFD4EA7BF25B5DDDA9B1668","vSysName":"é²æ²è¿·ç®¡çç³»ç»","vDesc":null,"vEnName":"managerfcm"},
{"dtOpDate":"2014-04-29 17:25:58.0","vIp":"http://gamemanager.duowan.com/Analysis/index.html","vOpPassport":"dw_liumiao","vPattern":"","vState":"S0A","vSysId":"B61CF646EF6A45028E5F86A922C0F568","vSysName":"ç»è¥åæç³»ç»","vDesc":null,"vEnName":"analysis"},
{"dtOpDate":"2015-01-08 11:02:29.0","vIp":"http://admin.versionmgr.game.yy.com","vOpPassport":"dw_jiangtaoye","vPattern":"(?i)(/(login|index).html|/(css|scripts|images|My97DatePicker)/).*","vState":"S0A","vSysId":"CB188D2F4359403BB3278C5A263830C0","vSysName":"çæ¬æ´æ°ç®¡çç³»ç»","vDesc":null,"vEnName":"versionmgr"},
{"dtOpDate":"2014-08-19 16:00:44.0","vIp":"admin.prizegrant.game.yy.com","vOpPassport":"dw_liumiao","vPattern":".*(.do|/udb(sdk)?|.(js|css)|/((css|js|img|images)/)).*|/(do/sys/reloadAll)?|/((login|index).html|user/auth)","vState":"S0A","vSysId":"CBC239656BFC4A4CB6827D6DC6124E92","vSysName":"å¥ååæ¾ç³»ç»","vDesc":null,"vEnName":"prizegrant"},
{"dtOpDate":"2014-06-06 12:28:28.0","vIp":"http://admin.cgame.game.yy.com/index.html","vOpPassport":"dw_huangwenwen","vPattern":".*(.do|/udb(sdk)?|.(js|css)|/((css|js|img|images)/)).*|/(do/sys/reloadAll)?|/((login|index).html|user/auth)","vState":"S0A","vSysId":"CDF1119BD346478E837F9318E73B766D","vSysName":"端游大å åå°ç®¡çç³»ç»","vDesc":null,"vEnName":"cgame"},
{"dtOpDate":"2015-09-17 17:24:08.0","vIp":"58.215.138.144","vOpPassport":"dw_liumiao","vPattern":"","vState":"S0A","vSysId":"D5C87227014248F48E8B33B311480AFC","vSysName":"æµè¯","vDesc":null,"vEnName":"test"}
]});
RT
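Severity: High
Vulnerability Rank: 15
Confirmed at: 2016-03-23 09:08
Thank you for supporting security work at 欢聚时代 (YY Inc.). We will fix this as soon as possible!
None yet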