乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-08: 细节已通知厂商并且等待厂商处理中 2015-04-08: 厂商已经确认,细节仅向厂商公开 2015-04-18: 细节向核心白帽子及相关领域专家公开 2015-04-28: 细节向普通白帽子公开 2015-05-08: 细节向实习白帽子公开 2015-05-23: 细节向公众公开
可获取34万用户详细资料
具体为可可英语网络学院漏洞位于搜索处搜索1http://xue.kekenet.com/index.php/search.html?word=1对参数word过滤不严,导致注入
Database: study[65 tables]+----------------------+| dict_words || dict_words_bak || uchome_day_ju || uchome_day_lian || uchome_day_love_log || uchome_day_pin || uchome_day_score_jb || uchome_day_shu || uchome_day_tin || uchome_day_uid || wx_cate || wx_class || wx_comment || wx_grade || wx_hot_class || wx_jiangtang || wx_nav || wx_org || wx_sale_class || wx_teacher || zn_admin || zn_admin_loginlog || zn_announcement || zn_article_love || zn_article_love_log || zn_collect || zn_column || zn_column_tags || zn_comment || zn_err_word_group || zn_err_words || zn_findpass || zn_help || zn_keywords || zn_leit_music || zn_leit_music_part || zn_leit_music_review || zn_leit_presenter || zn_leit_ting || zn_leit_ting_part || zn_leit_ting_review || zn_leit_trans || zn_leit_trans_part || zn_leit_trans_review || zn_leit_word || zn_leit_word_changes || zn_leit_word_part || zn_leit_word_review || zn_liulan || zn_news_ting || zn_open || zn_session || zn_study_log || zn_sugg_category || zn_sugg_feedback || zn_sugg_suggestions || zn_tag || zn_user || zn_user_column || zn_user_column_group || zn_user_email_log || zn_user_tag || zn_web_class || zn_web_class_apply || zn_xlogin |+----------------------+
过滤
危害等级:中
漏洞Rank:10
确认时间:2015-04-08 13:47
我们抓紧修复,谢谢提醒!
暂无