WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops article online viewer -------- http://drop.zone.ci/
2013-01-16: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed to the public.
2013-03-02: The vendor has actively ignored the vulnerability; details are disclosed to the public.
Super simple injection
The submitted characters are not filtered.
A simple query of a few administrator records as proof, and that's it:
Table: dbo.adminlist
[18 entries]
+-------+--------+----------------+----------------------------------+-----------+--------------+
| state | a_role | userip         | a_passwd                         | add_user  | a_username   |
+-------+--------+----------------+----------------------------------+-----------+--------------+
| 1     | 30     | 221.3.133.249  | 4F371A5A4A3A2AB18074436EAD7A2E20 | admin     | admin        |
| 1     | 32     | NULL           | 6E09CBD816BFC36698061DE609078A3E | admin     | baihao       |
| NULL  | 33     | 106.3.243.10   | 7997FD3E4191EC9158A903A12382C603 | admin     | caiwu01      |
| 1     | 38     | NULL           | 733D7BE2196FF70EFAF6913FC8BDCABF | admin     | chaifen01    |
| 1     | 42     | 221.3.133.249  | E10ADC3949BA59ABBE56E057F20F883E | admin     | dengrui      |
| NULL  | 41     | NULL           | C8837B23FF8AAA8A2DDE915473CE0991 | 王乃锋    | dongshizhang |
| NULL  | 46     | 106.3.243.10   | 9DEF96B3F332FA5081E183A90C46359B | 王乃锋    | gongbo       |
| 1     | 25     | 222.35.39.234  | E10ADC3949BA59ABBE56E057F20F883E | 刘广      | housuyang    |
| 1     | 39     | 124.205.228.66 | E10ADC3949BA59ABBE56E057F20F883E | admin     | huxiaowei    |
| 0     | 40     | NULL           | C33367701511B4F6020EC61DED352059 | admin     | jiandu       |
| NULL  | 25     | 106.3.243.10   | E8B8F49EBC6164010CD5AF6F2A5A597B | housuyang | jingrui      |
| 1     | 31     | NULL           | FA10572BCF683638DDA90C725DC65DAA | admin     | kefu01       |
| NULL  | 25     | 106.3.243.10   | C8837B23FF8AAA8A2DDE915473CE0991 | 刘广      | kxr01        |
| NULL  | 25     | 106.3.243.10   | E10ADC3949BA59ABBE56E057F20F883E | 王乃锋    | kxrcs        |
| NULL  | 25     | NULL           | 348A5913596A314BEADD82A7A3BD30BA | 王乃锋    | liangdong    |
| 1     | 36     | 124.205.228.66 | 05695309C5EDBA8E179545E1851EEDBA | admin     | liujing      |
| 1     | 32     | NULL           | B5824C03A7C72E4BD57B15AE9F160636 | admin     | mengfanxing  |
| NULL  | 31     | NULL           | C8837B23FF8AAA8A2DDE915473CE0991 | admin     | quchangxu    |
+-------+--------+----------------+----------------------------------+-----------+--------------+
I don't need to spell this out, do I?
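The root cause the report names is that submitted characters reach the SQL text unfiltered. The following is an added example, not code from the report or from the affected site: it rebuilds a tiny adminlist table of the same shape (with constructed placeholder rows, not the dumped values) in an in-memory SQLite database, which stands in for the MSSQL server behind the dump, and contrasts the concatenated lookup that produces this kind of disclosure with a parameterized lookup plus an allowlist check on the username field. The function names and the allowlist pattern are assumptions for illustration.

```python
import re
import sqlite3

# Constructed sample rows in the same column order as the dump
# (state, a_role, userip, a_passwd, add_user, a_username); hashes are placeholders.
SAMPLE_ROWS = [
    (1, 30, "198.51.100.1", "0" * 32, "admin", "admin"),
    (1, 32, None, "1" * 32, "admin", "baihao"),
    (0, 40, None, "2" * 32, "admin", "jiandu"),
]

# Assumed policy for this field: the dump shows only ASCII letters/digits in a_username.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db():
    """Create an in-memory stand-in for dbo.adminlist and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE adminlist ("
        "state INTEGER, a_role INTEGER, userip TEXT, "
        "a_passwd TEXT, add_user TEXT, a_username TEXT)"
    )
    conn.executemany("INSERT INTO adminlist VALUES (?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, username):
    """The pattern the report describes: the submitted value is spliced into the SQL text.
    Any quote character in the input changes the structure of the query."""
    sql = "SELECT a_username FROM adminlist WHERE a_username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Hardened form: the value travels as a bound parameter, so the database
    treats it as data and the query structure is fixed at write time."""
    sql = "SELECT a_username FROM adminlist WHERE a_username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def is_valid_username(value):
    """Defense in depth: reject input that cannot be a username before it reaches
    the database layer; this is an allowlist, not a blocklist of 'bad' characters."""
    return bool(USERNAME_RE.match(value))


def lookup_hardened(conn, username):
    """Allowlist check first, then a parameterized query; invalid input is refused outright."""
    if not is_valid_username(username):
        raise ValueError("username rejected by input validation")
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # a malformed username that contains a quote
    print("vulnerable  :", lookup_vulnerable(db, probe))     # returns every row
    print("parameterized:", lookup_parameterized(db, probe)) # returns nothing
    print("valid input :", lookup_hardened(db, "baihao"))
```

The point to take from the contrast is that the parameterized version needs no character filtering at all to stay correct, while the allowlist check is an extra layer that also makes malformed submissions easy to log and alert on.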
Unable to contact the vendor, or the vendor actively refused.