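2015-12-07: Details reported to the vendor; awaiting vendor handling
2015-12-11: Vendor confirmed; details disclosed to the vendor only
2015-12-21: Details disclosed to core white hats and experts in the relevant fields
2015-12-31: Details disclosed to regular white hats
2016-01-10: Details disclosed to intern white hats
2016-01-23: Details disclosed to the public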
...
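WooYun: Multiple SQL injection vulnerabilities in a Sinopharm (China National Pharmaceutical Group) company (DBA privileges / time-based blind injection / employee mobile numbers / e-mail addresses, etc.)
As for that injection, the site seems to have added defenses, but so many accounts with the password 123456 were listed and none of them has been changed!!! As follows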
In addition, the login page has no CAPTCHA, so it can be brute-forced. Login proof
Change the passwords
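The missing CAPTCHA matters here because many accounts share one password: a single guess per account never trips a per-account lockout. As an added example (not part of the original report; the class name, thresholds and sample events are assumptions constructed here), a server-side limiter that counts failures per account and distinct accounts per source:

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter consulted before each password check."""

    def __init__(self, window=300, per_user=5, per_source=10):
        self.window = window          # seconds of failure history kept (assumed)
        self.per_user = per_user      # failures tolerated per account (assumed)
        self.per_source = per_source  # distinct accounts one source may fail on
        self._user = defaultdict(deque)    # username -> failure timestamps
        self._source = defaultdict(deque)  # source -> (timestamp, username)

    def _prune(self, q, now, ts=lambda e: e):
        # Drop entries older than the window from the left of the queue.
        while q and now - ts(q[0]) > self.window:
            q.popleft()

    def check(self, user, source, now):
        """Return 'ok', 'account-throttled' or 'source-throttled'."""
        self._prune(self._user[user], now)
        self._prune(self._source[source], now, ts=lambda e: e[0])
        if len(self._user[user]) >= self.per_user:
            return "account-throttled"
        # Counting distinct usernames catches one guess spread over many accounts.
        if len({u for _, u in self._source[source]}) >= self.per_source:
            return "source-throttled"
        return "ok"

    def record_failure(self, user, source, now):
        self._user[user].append(now)
        self._source[source].append((now, user))


def replay(events, throttle=None):
    """Run (time, source, user, password_ok) tuples through the limiter."""
    throttle = throttle or LoginThrottle()
    decisions = []
    for now, source, user, password_ok in events:
        verdict = throttle.check(user, source, now)
        if verdict == "ok" and not password_ok:
            throttle.record_failure(user, source, now)
        decisions.append(verdict)
    return decisions


# Constructed sample: one source makes a single guess against 12 accounts,
# then one account receives guesses from 6 different sources.
SPRAY = [(i, "198.51.100.7", f"user{i:02d}", False) for i in range(12)]
TARGETED = [(100 + i, f"203.0.113.{i}", "alice", False) for i in range(6)]
```

A throttled attempt should be rejected before the password is compared, and the limiter complements, rather than replaces, resetting every account that still uses the shared password.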
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-12-11 15:02
A fix is already in progress
None yet