乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-06-19: 细节已通知厂商并且等待厂商处理中 2014-06-19: 厂商已经确认,细节仅向厂商公开 2014-06-29: 细节向核心白帽子及相关领域专家公开 2014-07-09: 细节向普通白帽子公开 2014-07-19: 细节向实习白帽子公开 2014-08-03: 细节向公众公开
春秋航空某站点数据库信息泄漏
http://edu.china-sss.com/search.vip
<?phpdefine('_DBTYPE',"mysql");define('_HOSTNAME',"localhost");define('_DATABASE',"projectmana");define('_USERNAME',"root");define('_PASSWORD',"root");$url = "/index.html"; if($_POST['search_word']){ include_once(dirname(__FILE__)."/lib/adodb/adodb.inc.php"); ADOLoadCode(_DBTYPE); $db = &ADONewConnection(_DBTYPE); $db->Connect(_HOSTNAME,_USERNAME,_PASSWORD,_DATABASE); $sql = "select url from jj_searchurl where category='".$_POST['category']."' and keywords like '%".htmlspecialchars(trim($_POST['search_word']))."%'"; $rs = $db->execute($sql); if(!$rs->EOF){ $url = $rs->fields('url'); }}echo '<script language="javascript">document.location.href="'.$url.'";</script>';?>
危害等级:高
漏洞Rank:15
确认时间:2014-06-19 10:43
已收到,谢谢。
暂无