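2014-11-04: Details reported to the vendor; awaiting vendor handling
2014-11-09: Vendor confirmed; details disclosed to the vendor only
2014-11-19: Details disclosed to core white hats and experts in related fields
2014-11-29: Details disclosed to regular white hats
2014-12-09: Details disclosed to intern white hats
2014-12-19: Details disclosed to the public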
The 中国卫生人才网 site (http://www.21wecan.com) has two SQL injection points.

Link 1: http://118.186.64.203/bdrs13part/query/queryAction.do?method=toQueryPage&uid=564
POST /bdrs13part/query/queryAction.do?method=query HTTP/1.1
Host: 118.186.64.203
Proxy-Connection: keep-alive
Content-Length: 283
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://118.186.64.203
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded
Referer: http://118.186.64.203/bdrs13part/query/queryAction.do?method=toQueryPage&uid=564
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=500651E3EBB1E5DD31409FFE9BB48E27; Hm_lvt_f5127c6793d40d199f68042b8a63e725=1415087236,1415087313,1415087316,1415087480; Hm_lpvt_f5127c6793d40d199f68042b8a63e725=1415087480

table=CJCX_HSZMCX2012&unitId=564&type=2&columns%5B0%5D.property=%C0%EE%CB%C4&columns%5B0%5D.code=XM&columns%5B0%5D.colType=varchar2&columns%5B0%5D.operator=1&columns%5B1%5D.property=151121198809072113&columns%5B1%5D.code=SFZH&columns%5B1%5D.colType=varchar2&columns%5B1%5D.operator=1
Link 2: http://118.186.64.203/bdrs/query/queryAction.do?method=toQueryPage&uid=402
POST /bdrs/query/queryAction.do?method=query HTTP/1.1
Host: 118.186.64.203
Proxy-Connection: keep-alive
Content-Length: 399
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://118.186.64.203
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded
Referer: http://118.186.64.203/bdrs/query/queryAction.do?method=toQueryPage&uid=402
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=500651E3EBB1E5DD31409FFE9BB48E27; Hm_lvt_f5127c6793d40d199f68042b8a63e725=1415087480,1415087697,1415087705,1415087725; Hm_lpvt_f5127c6793d40d199f68042b8a63e725=1415087725

table=ZJZSCX_ZJZS2010JZ&unitId=402&type=2&columns%5B0%5D.property=%C0%EE%CB%C4&columns%5B0%5D.code=XM&columns%5B0%5D.colType=varchar2&columns%5B0%5D.operator=1&columns%5B1%5D.property=121121198807092113&columns%5B1%5D.code=SFZH&columns%5B1%5D.colType=varchar2&columns%5B1%5D.operator=1&columns%5B2%5D.property=123456&columns%5B2%5D.code=ZSBH&columns%5B2%5D.colType=varchar2&columns%5B2%5D.operator=1
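
An added example, not code from the report or from the affected site: the report does not show server code or say which parameter is injectable, but both requests let the client name the table, the column codes and the operator, so a handler for this form format should resolve those against a server-side allowlist and bind every value. The allowlist contents, the meaning of operator code 1, the selected columns and the sqlite3 sample row are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qsl

# Assumed server-side allowlist: table -> column codes the form may filter on.
ALLOWED = {"CJCX_HSZMCX2012": {"XM", "SFZH"}}
# Assumed meaning of the numeric operator codes (the report does not define them).
OPERATORS = {"1": "="}
FIELD = re.compile(r"columns\[(\d+)\]\.(property|code|colType|operator)")

def build_query(body):
    """Turn the form body into (sql, params); raise ValueError on anything unlisted."""
    table, cols = None, {}
    # The requests above percent-encode GBK bytes, so decode with that charset.
    for key, value in parse_qsl(body, keep_blank_values=True, encoding="gbk"):
        if key == "table":
            table = value
        elif (m := FIELD.fullmatch(key)):
            cols.setdefault(int(m.group(1)), {})[m.group(2)] = value
    if table not in ALLOWED:
        raise ValueError("table not allowed")
    clauses, params = [], []
    for _, col in sorted(cols.items()):
        code, op = col.get("code"), col.get("operator")
        if code not in ALLOWED[table] or op not in OPERATORS:
            raise ValueError("column or operator not allowed")
        clauses.append(f"{code} {OPERATORS[op]} ?")  # identifier taken from the allowlist
        params.append(col.get("property", ""))       # value is always a bound parameter
    if not clauses:
        raise ValueError("no filter supplied")
    return f"SELECT XM, SFZH FROM {table} WHERE " + " AND ".join(clauses), params

def run(body):
    """Execute the built query against a constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE CJCX_HSZMCX2012 (XM TEXT, SFZH TEXT)")
    db.execute("INSERT INTO CJCX_HSZMCX2012 VALUES ('sample', '000000000000000000')")
    sql, params = build_query(body)
    return db.execute(sql, params).fetchall()

# Constructed sample body in the same field layout as the requests above.
SAMPLE = ("table=CJCX_HSZMCX2012&columns%5B0%5D.property=sample"
          "&columns%5B0%5D.code=XM&columns%5B0%5D.colType=varchar2&columns%5B0%5D.operator=1")

if __name__ == "__main__":
    print(build_query(SAMPLE))
    print(run(SAMPLE))
```

The client-supplied colType is parsed but never used; column types belong to the server's schema, not to the request.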
Severity: High
Vulnerability Rank: 11
Confirmed: 2014-11-09 09:28
None yet